Windows Analysis Report
BundleSweetIMSetup.exe

Overview

General Information

Sample name:BundleSweetIMSetup.exe
Analysis ID:1431987
MD5:bcc96659d6a46536dbde959fb9d60f67
SHA1:eb2352a46bf4d0112346814b406f2af3484cb93f
SHA256:beb0423b1afe047964ad168060a8fd92c550814f6797b937ee0092004640aa18

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:50
Range:0 - 100

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates an undocumented autostart registry key
Found suspicious ZIP file
Overwrites Mozilla Firefox settings
Tries to harvest and steal browser information (history, passwords, etc)
Changes the start page of internet explorer
Checks for available system drives (often done to infect USB drives)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Internet Explorer Autorun Keys Modification
Sigma detected: Suspicious Execution From GUID Like Folder Names
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • BundleSweetIMSetup.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\BundleSweetIMSetup.exe" MD5: BCC96659D6A46536DBDE959FB9D60F67)
    • SweetIMSetup.exe (PID: 7004 cmdline: /s /w /v" /qn SIMHP=0 SIMSP=0 " MD5: CED6A16415E6AE2243ACC2B776B9D965)
      • msiexec.exe (PID: 6608 cmdline: MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • SweetIESetup.exe (PID: 7592 cmdline: /s /w /v" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} " MD5: 4E3FCE1D8BE37088E4E40B829DA24091)
      • msiexec.exe (PID: 7628 cmdline: MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{B3CA5B4C-F637-458C-81D6-CD8DADBE9841}\SweetIESetup.msi" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} SETUPEXEDIR="C:\Users\user\AppData\Local\Temp" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • chrome.exe (PID: 7992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,7459701528248846225,13626864308159879949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • msiexec.exe (PID: 6888 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7204 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A265C8E8A3BB4B1A10A4D9F720E583B6 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • VistaCookiesCollector.exe (PID: 7288 cmdline: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe http://sweetim.com,C:\Users\user\AppData\LocalLow\simcookies.dat MD5: 8E11C6FCF30B1DC4C7069144B80C2709)
      • SweetIM.exe (PID: 7388 cmdline: "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" -AutoStartIM MD5: 15A4D1A8C15CB3C0C13C3F36899475E6)
    • msiexec.exe (PID: 7684 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F0CC6D3E1A3C8837D5C7D007B45C879F MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\msiexec.exe, ProcessId: 7684, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\SweetIM\Toolbars\Internet Explorer\Data\UserSelectedHP
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp", CommandLine: MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msiexec.exe, NewProcessName: C:\Windows\SysWOW64\msiexec.exe, OriginalFileName: C:\Windows\SysWOW64\msiexec.exe, ParentCommandLine: /s /w /v" /qn SIMHP=0 SIMSP=0 ", ParentImage: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe, ParentProcessId: 7004, ParentProcessName: SweetIMSetup.exe, ProcessCommandLine: MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp", ProcessId: 6608, ProcessName: msiexec.exe
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: SWEETIE, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\msiexec.exe, ProcessId: 7684, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\(Default)
No Snort rule has matched

AV Detection

Source: https://storage2.stgbssint.com/Search/SearchApplication/Resources/Images/Search/closeSprite.pngAvira URL Cloud: Label: malware
Source: C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exeReversingLabs: Detection: 34%
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dllReversingLabs: Detection: 21%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dllReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dllReversingLabs: Detection: 24%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dllReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dllReversingLabs: Detection: 21%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dllReversingLabs: Detection: 22%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dllReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dllReversingLabs: Detection: 29%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dllReversingLabs: Detection: 25%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dllReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dllReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dllReversingLabs: Detection: 27%
Source: C:\Program Files (x86)\SweetIM\Messenger\mghooking.dllReversingLabs: Detection: 33%
Source: C:\Program Files (x86)\SweetIM\Messenger\mglogger.dllReversingLabs: Detection: 29%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dllReversingLabs: Detection: 20%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exeReversingLabs: Detection: 30%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dllReversingLabs: Detection: 28%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exeReversingLabs: Detection: 31%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dllReversingLabs: Detection: 27%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dllReversingLabs: Detection: 24%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dllReversingLabs: Detection: 27%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dllReversingLabs: Detection: 24%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dllReversingLabs: Detection: 25%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dllReversingLabs: Detection: 21%
Source: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dllReversingLabs: Detection: 24%
Source: C:\Users\user\AppData\Local\Temp\1714110143_4764500_750.tmpReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\1714110143_4764625_750.tmpReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe (copy)ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe (copy)ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}\mgSqlite3.dllReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\mgSqlite3.dllReversingLabs: Detection: 20%
Source: C:\Windows\Installer\MSIC547.tmpReversingLabs: Detection: 28%
Source: C:\Windows\Installer\MSID16F.tmpReversingLabs: Detection: 28%
Source: C:\Windows\Installer\MSID25A.tmpReversingLabs: Detection: 28%
Source: C:\Windows\Installer\MSID2C8.tmpReversingLabs: Detection: 28%
Source: C:\Windows\Installer\MSIEB08.tmpReversingLabs: Detection: 21%
Source: C:\Windows\Installer\MSIEF30.tmpReversingLabs: Detection: 24%
Source: C:\Windows\Installer\MSIF7EB.tmpReversingLabs: Detection: 21%
Source: C:\Windows\Installer\MSIF889.tmpReversingLabs: Detection: 21%
Source: BundleSweetIMSetup.exeReversingLabs: Detection: 50%
Source: BundleSweetIMSetup.exeVirustotal: Detection: 37%
Source: https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}HTTP Parser: No favicon

Compliance

Source: BundleSweetIMSetup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exeWindow detected: Agree && Continue >DisagreeTo continue the installation you must agree to the following terms of service agreementSweetIM provides aid when misspelling or incorrectly formatting browser address request.SWEETIM Technologies LTD.Thank you for installing SweetIM for Messenger and SweetIM Toolbar for browserSweetIM is certified as Trusted Download Program by TRUSTeEND USER LICENSE AGREEMENT / TERMS OF SERVICE / AND PRIVACY POLICY IMPORTANT - PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY.THIS AGREEMENT SHALL GOVERN YOUR USE OF SWEETIM SOFTWARE SERVICE AND SITE. IF AFTER READING THIS AGREEMNET YOU WISH TO USE THE SWEETIM SOFTWARE WEBSITE AND ITS FEATURES PLEASE INDICATE YOUR ACCEPTANCE HEREOF BY CLICKING "I AGREE" AT THE END.Please note: (1) you MUST be 13 years or older to install or to use the SweetIM Software. If you are not yet 13 do not download SweetIM Software; (2) the SweetIM Software is not intended for use by or be available to persons under the age limit of any jurisdiction which restricts the use of Internet-based applications and services according to age. IF YOU RESIDE IN SUCH A JURISDICTION AND ARE UNDER THAT JURISDICTION'S AGE LIMIT FOR USING INTERNET-BASED APPLICATIONS OR SERVICES YOU MAY NOT DOWNLOAD INSTALL OR USE THE SWEETIM SOFTWARE AND YOU MAY NOT ACCESS THE SERVICESThis combined End User License Agreement / Terms / and Privacy policy (The "Agreement") constitutes a valid and binding agreement between SweetIM Technologies LTD. (formerly known as Imvent Ltd) which governs the use of the SweetIM Website Software and its features (together with its affiliates successors and assigns "SweetIM") and you ("you" or "your") for the use of the SweetIM Software Network Content and Services as defined below. You must enter into this agreement in order to install and use such SweetIM Software. 
When you download the SweetIM Software you will receive the following software features: 1.SweetIM for Messenger: An add-on toolbar that allows you to easily add fun content to your instant messenger conversations. This content is updated constantly and offers fun Emoticons Audibles Winks SoundFX Nudges Games special effects and more.2.SweetIM Toolbar for IE and for Firefox: A toolbar that is located on your internet browser and allows you to:oAdd SweetIM fun content such as emoticons texticons and other animations to web mail chat forums and social networksoSearch the web through SweetIM Search powered by Google (described below).oSweetIM Search: allows you to search the web through:1.A search box in the toolbar.2.Default Search (for IE 7 and up and Firefox): Using the search box next to the address bar. Upon installation we offer you to use SweetIM search as your default search provider in IE 7 and up and Firefox. You can manually choose other search providers by clicking on the drop down button next to the search box. 3. Search Assistance: if you place a search query in the address bar or misspell an address this feature provides you with
Source: BundleSweetIMSetup.exeStatic PE information: certificate valid
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeFile opened: C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll
Source: unknownHTTPS traffic detected: 13.249.98.125:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.249.98.125:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: BundleSweetIMSetup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Imvent\Develop\Client\vc\output\release\mgconfig.pdb source: mgconfig.dll0.3.dr
Source: Binary string: C:\Imvent\Develop\Client\vc\SweetSDM\Release\SweetSDM.pdb source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\Release_bin\mgHelper.pdbh source: mgHelper.dll.3.dr
Source: Binary string: c:\SimOlderVersions\SIM 3.6\Client\vc\output\Release\mgICQMessengerAdapter.pdb source: mgICQMessengerAdapter.dll.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\output\release\mghooking.pdb source: mghooking.dll0.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\Release_bin\mgHelper.pdb source: mgHelper.dll.3.dr
Source: Binary string: msvcp71.pdb source: SweetIM.exe, SweetIM.exe, 00000007.00000002.1895639481.000000007C3C1000.00000020.00000001.01000000.00000010.sdmp, msvcp71.dll.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\output\release\mgToolbarProxy.pdb source: mgToolbarProxy.dll.3.dr
Source: Binary string: c:\SimOlderVersions\SIM 3.6\Client\vc\output\release\mgICQAuto.pdb source: mgICQAuto.dll.3.dr
Source: Binary string: C:\Imvent\Develop\Client\vc\SweetSDM\Release\SweetSDM.pdb@ source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: msvcr71.pdb source: SweetIMSetup.exe, 00000001.00000002.1844516312.000000007C361000.00000020.00000001.01000000.00000011.sdmp, SweetIM.exe, SweetIM.exe, 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeCode function: 1_2_00413D18 __EH_prolog,GetTempPathA,FindFirstFileA,CompareFileTime,DeleteFileA,FindNextFileA,FindClose,1_2_00413D18
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeCode function: 1_2_00422D97 CreateEventA,GetProcAddress,SearchPathA,GetModuleFileNameA,FindFirstFileA,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect,FindClose,FindClose,1_2_00422D97
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_007B36A0 _IsDirectoryEmpty@4,wcslen,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,FindFirstFileW,wcscmp,wcscmp,wcscmp,FindNextFileW,FindClose,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,7_2_007B36A0
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_007B3800 DeleteFolder,wcslen,IsDirectoryFile,wcscpy,PathAddBackslashW,PathAddExtensionW,FindFirstFileW,FindNextFileW,wcscpy,PathAddBackslashW,wcscat,DeleteFileW,DeleteFolder,FindClose,RemoveDirectoryW,7_2_007B3800
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_10007070 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,RegQueryValueExW,wcslen,wcscat,_IsFileExist@4,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,RegCloseKey,?GetShellFolderPath@@YG?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_IsFileExist@4,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,RegQueryValueExW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,wcslen,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,wcscpy,PathStripPathW,wcslen,wcslen,wcslen,?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z,?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,FindClose,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z,?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB,wcslen,?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z,?SplitString@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@G
U?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@H@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,7_2_10007070
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_7C378DFA _wstat,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileW,wcspbrk,_wfullpath,wcslen,GetDriveTypeW,_errno,__doserrno,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,7_2_7C378DFA
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_7C376DCB _findfirst64,FindFirstFileA,GetLastError,_errno,_errno,_errno,strcpy,7_2_7C376DCB
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_7C377ED3 _stat,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileA,_mbspbrk,_fullpath,strlen,GetDriveTypeA,_errno,__doserrno,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,7_2_7C377ED3
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_7C376FD6 _findfirsti64,FindFirstFileA,GetLastError,_errno,_errno,_errno,strcpy,7_2_7C376FD6
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_10016120 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,InternetCheckConnectionW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,7_2_10016120
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 152.195.50.149
Source: unknownTCP traffic detected without corresponding DNS query: 23.193.120.112
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_004C3CC0 ?URLDownload@CDownloadManager@@QAEHPBGPAGPAVCBSCallbackImpl@@H@Z,GetFileAttributesW,SetFileAttributesW,RegOpenKeyExW,RegEnumKeyExW,RegCloseKey,URLDownloadToFileW,DeleteUrlCacheEntryW,DeleteFileW,InternetOpenW,InternetSetOptionW,InternetOpenUrlW,InternetCloseHandle,HttpQueryInfoW,HttpQueryInfoW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,HttpQueryInfoW,_wtol,CreateFileW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,WriteFile,FlushFileBuffers,Sleep,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,DeleteUrlCacheEntryW,7_2_004C3CC0
Source: global trafficHTTP traffic detected: GET /bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: content.sweetim.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6NvAnKL1OPtr5PT&MD=RuvlYw+b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: content.sweetim.comConnection: Keep-AliveCookie: UserId=C0736790-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A21.577Z
Source: global trafficHTTP traffic detected: GET /installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} HTTP/1.1Host: www.sweetim.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /crx/blobs/AfQPRnlSkk0SHkG5PXvb3F_Q7hH-5ddsxHHT56Cx-_JWux0fg0SnDHAT6sRgPwMxLj9QK3jdbgroAjU8smhTZreN3EjllobyDxCd6anURJdX2LwhsxiO4Wd9jGJUvOZjNG0AxlKa5b7kLavSfewVpsPdhgIchnuqABvb/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_4_1_2.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /search/images/homepage/button_bg.png HTTP/1.1Host: se-p-static-content.seccint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sweetim.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Search/SearchApplication/Resources/SpyGlass130x40.png HTTP/1.1Host: storage2.stgbssint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sweetim.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Search/SearchApplication/Resources/Images/Search/closeSprite.png HTTP/1.1Host: storage2.stgbssint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sweetim.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sweetim.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-arch: "x86"sec-ch-ua-platform-version: "10.0.0"dpr: 1downlink: 1.3sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"device-memory: 8rtt: 350sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36viewport-width: 1280sec-ch-ua-full-version: "117.0.5938.132"ect: 3gAccept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UserId=D725A570-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A59.655Z; st=SearchWeb; _hse=true
Source: global trafficHTTP traffic detected: GET /search/images/homepage/button_bg.png HTTP/1.1Host: se-p-static-content.seccint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Search/SearchApplication/Resources/SpyGlass130x40.png HTTP/1.1Host: storage2.stgbssint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Search/SearchApplication/Resources/Images/Search/closeSprite.png HTTP/1.1Host: storage2.stgbssint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.sweetim.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UserId=D725A570-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A59.655Z; st=SearchWeb; _hse=true
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj HTTP/1.1Host: chrome.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6NvAnKL1OPtr5PT&MD=RuvlYw+b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: content.sweetim.com
Source: global trafficHTTP traffic detected: GET /bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: content.sweetim.comCookie: UserId=C0736790-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A21.577Z
Source: global trafficHTTP traffic detected: GET /installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} HTTP/1.1Host: www.sweetim.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: toolbar.xml.3.drString found in binary or memory: <EXTERNAL_SEARCH target="sim_search_combo" engine="http://www.facebook.com/s.php" param="q=" encoding="65001"/> equals www.facebook.com (Facebook)
Source: toolbar.xml.3.drString found in binary or memory: <WEBJUMP name="doFacebookNewTab" href="http://www.facebook.com" targetwindow="newtab"/> equals www.facebook.com (Facebook)
Source: BundleSweetIMSetup.exe, 00000000.00000003.1920924192.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1920992518.00000000042B3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1920858823.0000000002B1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "web_app":{"app_id":{"install_url":{"aghbiahbpaijignceidepookljebhfak":["https://drive.google.com/drive/installwebapp?usp=chrome_default"],"agimnkijcaahngcdmfeangaknmldooml":["https://www.youtube.com/s/notifications/manifest/cr_install.html"],"fhihpiojkbmbpdjeoajapmgkhlnakfjf":["https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default"],"fmgjjmmmlfnkbppncabfkddbjimcfncm":["https://mail.google.com/mail/installwebapp?usp=chrome_default"],"kefjledonklijopmnomlcbpllchaibag":["https://docs.google.com/presentation/installwebapp?usp=chrome_default"],"mpnpojknpmmopombnjdcgaaiekajbnjb":["https://docs.google.com/document/installwebapp?usp=chrome_default"]}}}, equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: content.sweetim.com
Source: global trafficDNS traffic detected: DNS query: www.sweetim.com
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: storage2.stgbssint.com
Source: global trafficDNS traffic detected: DNS query: se-p-static-content.seccint.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: chrome.google.com
Source: toolbar.xml.3.drString found in binary or memory: http://127.0.0.1/test/content-notifier.js
Source: toolbar.xml.3.drString found in binary or memory: http://127.0.0.1/test/locales34.xml
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://127.0.0.1/test/rc_tb.html
Source: addonlistener.js.10.dr, addonlistener.js0.10.drString found in binary or memory: http://adblockplus.org/blog/how-many-hacks-does-it-take-to-make-your-extension-install-without-a-res
Source: chromecache_795.15.drString found in binary or memory: http://api.autocompleteplus.com/?q=
Source: stringbundles.js1.10.dr, stringbundles.js0.10.drString found in binary or memory: http://books.mozdev.org/html/mozilla-chp-11-sect-3.html)
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/emoticons/mietb202p.html
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/fb/images/facebook.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/fb/m0100.html
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/animals.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/emoticons.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/gestures.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/glitters.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/love.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/icons/webmail/texticons.png
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/resources/fb/ieinfb.js
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/resources/fb/ieinfb_https.js
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=1
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=2
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=3
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=4
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=5
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/webmail/mietb20i.html?menu=7
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.content.sweetim.com/toolbar/winks/mietb202p.html
Source: toolbar.xml.3.drString found in binary or memory: http://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?publisherId=3205&amp;sectionId=767997
Source: BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1969481685.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2062389261.0000000000EEF000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061074019.0000000000EEF000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2063830032.0000000000EEF000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068383399.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065296062.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000EEA000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&8
Source: BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000EAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948
Source: BundleSweetIMSetup.exe, 00000000.00000002.2076285085.0000000004281000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073166287.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://content.sweetim.com/bi/track.gif?prodid=1&compid=actid=%d;;cargo=&irmaReportDownloadRemoteFil
Source: sweetim-contentmenu.xul0.10.dr, sweetim-contentmenu.xul.10.drString found in binary or memory: http://content.sweetim.com/sim/mfftb20.html
Source: MSIC4F8.tmp.3.dr, MSIDA99.tmp.3.dr, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, MSIE99E.tmp.3.dr, MSIF8B9.tmp.3.dr, MSIEAC8.tmp.3.drString found in binary or memory: http://crl.thawte.com/ThawteCodeSigningCA.crl0
Source: MSIC4F8.tmp.3.dr, MSIDA99.tmp.3.dr, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, MSIE99E.tmp.3.dr, MSIF8B9.tmp.3.dr, MSIEAC8.tmp.3.drString found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: cookies.js0.10.dr, cookies.js1.10.dr, cookies.js.10.drString found in binary or memory: http://developer.mozilla.org/En/NsICookieService
Source: commands.js0.10.drString found in binary or memory: http://developer.mozilla.org/en/docs/Code_snippets:Cookies
Source: SIMAutoCompleteSearch.js1.10.dr, SIMAutoCompleteSearch.js.10.drString found in binary or memory: http://developer.mozilla.org/en/docs/How_to_implement_custom_autocomplete_search_component
Source: splitter.js0.10.drString found in binary or memory: http://developer.mozilla.org/en/docs/XUL_Tutorial:More_Event_Handlers
Source: install.js.10.drString found in binary or memory: http://developer.mozilla.org/en/docs/nsIFile:remove
Source: config.js0.10.drString found in binary or memory: http://developer.mozilla.org/en/docs/nsIPrefBranch
Source: bar.js1.3.drString found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8
Source: SIMAutoCompleteSearch.js1.10.dr, SIMAutoCompleteSearch.js.10.drString found in binary or memory: http://forums.mozillazine.org/viewtopic.php?f=19&t=2070317)
Source: cookies.js0.10.dr, cookies.js1.10.dr, cookies.js.10.drString found in binary or memory: http://forums.mozillazine.org/viewtopic.php?f=27&t=656397
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941745817.00000000042A1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931426271.0000000004295000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931108151.0000000004295000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942049041.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931392225.0000000004295000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931985408.000000000429C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931954475.000000000429A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945571211.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947052473.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1940929338.0000000004295000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931858184.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943390567.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947428250.00000000042A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.swee
Source: BundleSweetIMSetup.exe, 00000000.00000002.2076375666.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1949290499.00000000042A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.sweeA
Source: prefs.js.0.dr, globals.js0.10.drString found in binary or memory: http://home.sweetim.com
Source: BundleSweetIMSetup.exe, 00000000.00000003.1921147282.00000000042A1000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.drString found in binary or memory: http://home.sweetim.com/?barid=
Source: toolbar.xml.3.drString found in binary or memory: http://home.sweetim.com/?st=1$amp_crg_equals_cargo;
Source: BundleSweetIMSetup.exe, 00000000.00000003.1969399479.0000000002A86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.sweetim.com/cal
Source: BundleSweetIMSetup.exe, 00000000.00000003.1935736279.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1936066195.00000000042BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.sweetim.com;
Source: mgsimcommon.dll.3.drString found in binary or memory: http://home.sweetim.com?barid=/&barid=&amp;barid=?http://search.sweetim.com/search.asp?src=6&q=
Source: SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, MSIEB08.tmp.3.dr, MSIF7EB.tmp.3.drString found in binary or memory: http://home.sweetim.comPrevious.HKLM.Start
Source: 48c209.msi.3.dr, MSID16F.tmp.3.dr, MSID25A.tmp.3.dr, MSIC547.tmp.3.drString found in binary or memory: http://home.sweetim.comSIMHPURLhttp://search.sweetim.com/?src=6&amp;q=
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp, SweetIM.exe, 00000007.00000002.1893180868.00000000004A4000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: http://home.sweetim.comhttp://search.sweetim.com/search.asp?src=6&q=
Source: chromecache_795.15.drString found in binary or memory: http://info.sweetim.com
Source: chromecache_795.15.drString found in binary or memory: http://info.sweetim.com/aboutus/
Source: chromecache_795.15.drString found in binary or memory: http://info.sweetim.com/privacy-policy/
Source: chromecache_795.15.drString found in binary or memory: http://info.sweetim.com/terms/
Source: install.js.10.drString found in binary or memory: http://kb.mozillazine.org/Keyword.URL)
Source: install.js.10.drString found in binary or memory: http://kb.mozillazine.org/Search_Provider)
Source: mglogger.dll0.3.drString found in binary or memory: http://mguglielmi.free.fr
Source: MSIC4F8.tmp.3.dr, MSIDA99.tmp.3.dr, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, MSIE99E.tmp.3.dr, MSIF8B9.tmp.3.dr, MSIEAC8.tmp.3.drString found in binary or memory: http://ocsp.thawte.com0
Source: mglogger.dll0.3.drString found in binary or memory: http://resource.jsmadeeasy.com/viewscript.asp?scriptid=507
Source: inject.js.10.dr, inject.js1.10.drString found in binary or memory: http://sc.sweetim.com/apps/in/fb/infb.js
Source: install.js.10.drString found in binary or memory: http://search.sweetim.
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp, SweetIM.exe, 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp, 48c209.msi.3.dr, install.js.10.dr, MSID16F.tmp.3.dr, SweetIESetup.msi.8.dr, MSID25A.tmp.3.dr, 48c20d.msi.3.dr, sweetim.xml.10.dr, MSIC547.tmp.3.drString found in binary or memory: http://search.sweetim.com
Source: BundleSweetIMSetup.exe, 00000000.00000003.1942817662.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942781086.00000000042BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.sweetim.com/?src=6$1q=
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1945077551.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944736609.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945416513.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946637880.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942817662.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948776353.00000000042C0000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941087262.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948421204.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941207681.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943216817.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947394238.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943178865.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944813184.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1949217415.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945116548.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946152544.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946475050.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942957332.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944176269.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947806512.00000000042C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.sweetim.com/?src=6&amp;q=
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://search.sweetim.com/?src=6&q=
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=1&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=1&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=10&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=11&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=12&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=13&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=14&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=15&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=15&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=16&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=17&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=2&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=2&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=3&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=3&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=4&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=4&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=5&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=5&amp;q=%sim_search_combo
Source: toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=6&amp;q=$sim_search_combo;
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=6&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=7&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=8&amp;q=%sim_search_combo
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://search.sweetim.com/redir.asp?pid=9&amp;q=%sim_search_combo
Source: globals.js1.10.dr, globals.js0.10.dr, toolbar.xml.3.drString found in binary or memory: http://search.sweetim.com/search.asp
Source: search.js0.10.drString found in binary or memory: http://search.sweetim.com/search.asp?src=1&q=%sim_search_combo
Source: mgHelper.dll.3.drString found in binary or memory: http://search.sweetim.com/search.asp?src=2&pdp=1000&q=%shttp://search.sweetim.com/search.asp?src=8&p
Source: MenuExt.html.3.drString found in binary or memory: http://search.sweetim.com/search.asp?src=4&q=
Source: BundleSweetIMSetup.exe, 00000000.00000003.1923091904.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1969287489.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1922482118.00000000042A1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1922236173.00000000042A1000.00000004.00000020.00020000.00000000.sdmp, SweetIM.exe, 48c209.msi.3.dr, MSID16F.tmp.3.dr, MSID25A.tmp.3.dr, MSIC547.tmp.3.drString found in binary or memory: http://search.sweetim.com/search.asp?src=6&q=
Source: install.js.10.drString found in binary or memory: http://search.yahoo.com/
Source: addonlistener.js.10.dr, addonlistener.js0.10.drString found in binary or memory: http://stackoverflow.com/questions/6284051/in-my-firefox-extension-onuninstalled-event-doesnt-seem-t
Source: VistaCookiesCollector.exe, 00000005.00000002.1791302329.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, VistaCookiesCollector.exe, 00000005.00000002.1791260931.0000000000450000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sweetim.com
Source: VistaCookiesCollector.exe, 00000005.00000002.1791302329.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sweetim.com/
Source: VistaCookiesCollector.exe, 00000005.00000002.1791302329.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sweetim.com/c77b0923665da6f1
Source: VistaCookiesCollector.exe, 00000005.00000002.1791537351.0000000000AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sweetim.com2;C:
Source: 48c20d.msi.3.dr, MSIEB08.tmp.3.dr, MSIF7EB.tmp.3.drString found in binary or memory: http://sweetim.comAnalyzeCookieslogDllVersion.
Source: 48c209.msi.3.dr, MSID16F.tmp.3.dr, MSID25A.tmp.3.dr, MSIC547.tmp.3.drString found in binary or memory: http://sweetim.comREFERRALID
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://sweetim.comREFERRALIDGetReferralCookieFound.
Source: toolbar.xml.3.drString found in binary or memory: http://tab.search.sweetim.com/tab.asp
Source: cookies.js0.10.dr, cookies.js1.10.dr, cookies.js.10.drString found in binary or memory: http://weblogs.mozillazine.org/doron/archives/2008/06/extensions_and_firefox_3_nsico.html
Source: 48c209.msi.3.dr, MSID16F.tmp.3.dr, MSID25A.tmp.3.dr, MSIC547.tmp.3.drString found in binary or memory: http://www.aim.comSweetIM
Source: toolbar.xml.3.drString found in binary or memory: http://www.hi5.com
Source: MSIC4F8.tmp.3.dr, MSIDA99.tmp.3.dr, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, MSIE99E.tmp.3.dr, MSIF8B9.tmp.3.dr, MSIEAC8.tmp.3.drString found in binary or memory: http://www.macrovision.com0
Source: install.rdf1.10.drString found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: SweetIM.exe, 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp, 48c209.msi.3.dr, MSID16F.tmp.3.dr, SweetIESetup.msi.8.dr, MSID25A.tmp.3.dr, 48c20d.msi.3.dr, sweetim.xml.10.dr, MSIC547.tmp.3.drString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.css.10.dr, bindings.xml0.10.dr, bindings.xml1.10.dr, sweetim-contentmenu.xul0.10.dr, sweetim-toolbar.xul1.10.dr, sweetim-contentmenu.xul.10.drString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: bindings.xml1.10.drString found in binary or memory: http://www.mozilla.org/xbl
Source: toolbar.xml.3.drString found in binary or memory: http://www.orkut.com
Source: 48c20b.rbs.3.dr, MSICDA5.tmp.3.dr, install.rdf1.10.dr, globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/about_overview.asp
Source: SweetIM.exe, 00000007.00000002.1894174346.0000000002630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sweetim.com/autoupdate/u.asp
Source: BundleSweetIMSetup.exe, 00000000.00000002.2073166287.0000000000E7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sweetim.com/cbi.gif
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.sweetim.com/cbi.gifSubmitTrackingPixel.
Source: SweetIM.exe, 00000007.00000002.1894174346.0000000002630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sweetim.com/download/install/SweetIMSetup.exeup.exe
Source: globals.js1.10.dr, globals.js0.10.dr, toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/eula.html#privacy
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/forum/
Source: BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1675117885.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2071455802.000000000045F000.00000040.00000001.01000000.00000003.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712010420.0000000002A3C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1674811988.0000000002A4D000.00000004.00000020.00020000.00000000.sdmp, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.drString found in binary or memory: http://www.sweetim.com/help
Source: globals.js1.10.dr, globals.js0.10.dr, toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/help_contact.asp
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/help_simff.asp
Source: BundleSweetIMSetup.exe, 00000000.00000003.1674811988.0000000002A4D000.00000004.00000020.00020000.00000000.sdmp, toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/help_simie.asp
Source: BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1675117885.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2071455802.000000000045F000.00000040.00000001.01000000.00000003.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712010420.0000000002A3C000.00000004.00000020.00020000.00000000.sdmp, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.drString found in binary or memory: http://www.sweetim.com/help_simie.asp#inst
Source: BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sweetim.com/installbar.asp?barid=
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/installbar.asp?barid=$toolbar_id;
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/installbar.asp?barid=%toolbar_id
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.sweetim.com/installbar.asp?barid=GetSIMAppID
Source: 48c20d.msi.3.dr, MSIEB08.tmp.3.dr, MSIF7EB.tmp.3.drString found in binary or memory: http://www.sweetim.com/installbar.asp?barid=http://www.sweetim.com/uninstallbar.asp?barid=http://www
Source: sweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drString found in binary or memory: http://www.sweetim.com/simffbar/rc.html
Source: install.rdf1.10.drString found in binary or memory: http://www.sweetim.com/simffbar/update.rdf?ff_version=%APP_VERSION%&amp;toolbar_status=%ITEM_STATUS%
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/simiebar/
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/simiebar/download/toolbar.cab
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/uninstallbar.asp?barid=$toolbar_id;
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/uninstallbar.asp?barid=%toolbar_id
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.sweetim.com/uninstallbar.asp?barid=http://www.sweetim.com/updatebar.aspFinalizeSweetIESet
Source: toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/uninstallhelp.asp
Source: globals.js1.10.dr, globals.js0.10.drString found in binary or memory: http://www.sweetim.com/uninstallhelpff.asp
Source: 48c209.msi.3.dr, MSID16F.tmp.3.dr, MSID25A.tmp.3.dr, MSIC547.tmp.3.drString found in binary or memory: http://www.sweetim.com/uninstallim.asp?simappid=%sUPGRADINGPRODUCTCODEhttp://www.sweetim.com/downloa
Source: globals.js1.10.dr, globals.js0.10.dr, toolbar.xml.3.drString found in binary or memory: http://www.sweetim.com/updatebar.asp
Source: 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.dr, mgSqlite3.dll.4.dr, mgSqlite3.dll.3.dr, mgSqlite3.dll.10.drString found in binary or memory: http://www.sweetim.com0
Source: uninstallobserver.js1.10.dr, uninstallobserver.js0.10.drString found in binary or memory: http://xulsolutions.blogspot.com/2006/07/creating-uninstall-script-for.html
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1916707330.0000000004277000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1920924192.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1916707330.0000000004277000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1920924192.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.l
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.lga1.a
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.lga1.admark
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&c
Source: BundleSweetIMSetup.exe, 00000000.00000003.1948585972.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947911162.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935188702.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946152544.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946475050.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942957332.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947694690.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942852451.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935924437.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934723785.00000000042B3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935593919.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944176269.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947806512.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946074746.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934003704.00000000042A8000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942781086.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946308990.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1947731414.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947620062.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934221488.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944457193.00000000042C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943390567.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.n
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.lga1.ap01.net/ctp?
Source: BundleSweetIMSetup.exeString found in binary or memory: https://bridge.lga1.ap01.net/ctp?versio
Source: BundleSweetIMSetup.exe, 00000000.00000003.1947093299.0000000002B1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=169633223
Source: BundleSweetIMSetup.exe, 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945077551.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1936131977.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942817662.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946115163.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935736279.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944882361.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932917107.0000000002B1A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948421204.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943216817.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947394238.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943178865.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935188702.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935096471.00000000042B6000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945303103.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948205588.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934686053.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1935997640.0000000002B1A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947357892.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946975552.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1936337518.00000000042BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: SIMAutoCompleteSearch.js1.10.dr, SIMAutoCompleteSearch.js.10.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=625319
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/asse
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icoht
Source: BundleSweetIMSetup.exe, 00000000.00000003.1931108151.0000000004295000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931240313.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931426271.00000000042A8000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932093565.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932017591.00000000042AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appi0
Source: BundleSweetIMSetup.exe, 00000000.00000003.1969287489.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content.sweetim.com/4
Source: BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:14569594
Source: BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2064156782.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068807066.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2074530070.0000000002A48000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2066491581.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061074019.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2064156782.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073166287.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A46000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:14569594
Source: BundleSweetIMSetup.exe, 00000000.00000003.1969287489.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content.sweetim.com/c
Source: BundleSweetIMSetup.exe, 00000000.00000003.1948585972.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947911162.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935188702.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946152544.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946475050.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942957332.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947694690.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942852451.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935924437.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934723785.00000000042B3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935593919.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944176269.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947806512.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946074746.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934003704.00000000042A8000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942781086.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946308990.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1947731414.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947620062.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934221488.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944457193.00000000042C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: BundleSweetIMSetup.exeString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_
Source: BundleSweetIMSetup.exe, 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945077551.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1936131977.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942817662.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946115163.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935736279.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944882361.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932917107.0000000002B1A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948421204.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943216817.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947394238.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943178865.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935188702.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935096471.00000000042B6000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945303103.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948205588.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934686053.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1935997640.0000000002B1A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947357892.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946975552.0000000004271000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1936337518.00000000042BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: tabinfo.js.10.drString found in binary or memory: https://developer.mozilla.org/en/Code_snippets/Tabbed_browser
Source: addonlistener.js.10.dr, addonlistener.js0.10.drString found in binary or memory: https://developer.mozilla.org/en/Extensions/Bootstrapped_extensions)
Source: BundleSweetIMSetup.exe, 00000000.00000003.1931108151.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931357660.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932783884.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932818795.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931614131.00000000042C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.googl
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chro
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918937740.000000000427A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.dr String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.com/presentat
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.com/presentation/in
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918937740.000000000427A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.dr String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: BundleSweetIMSetup.exe String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: BundleSweetIMSetup.exe String found in binary or memory: https://drive.go
Source: BundleSweetIMSetup.exe String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_d
Source: BundleSweetIMSetup.exe String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaul
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918937740.000000000427A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.dr String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: BundleSweetIMSetup.exe, 00000000.00000003.1947357892.00000000042AC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?
Source: BundleSweetIMSetup.exe String found in binary or memory: https://imp.mt48.net/static?id=7
Source: BundleSweetIMSetup.exe, 00000000.00000003.1947769791.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947178638.00000000042B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBU
Source: BundleSweetIMSetup.exe String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqmf
Source: BundleSweetIMSetup.exe String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR
Source: BundleSweetIMSetup.exe String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9
Source: prefs.js.0.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: BundleSweetIMSetup.exe String found in binary or memory: https://mail.google.com/mail/installwebapp
Source: BundleSweetIMSetup.exe String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrom4
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918937740.000000000427A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.dr String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: BundleSweetIMSetup.exe String found in binary or memory: https://support.micr
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.amazon.
Source: BundleSweetIMSetup.exe, 00000000.00000002.2076466457.00000000042B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=G
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.amazon.com/?tag=admarketus-2
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: BundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: BundleSweetIMSetup.exe, 00000000.00000003.1945571211.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943390567.0000000004296000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_U
Source: BundleSweetIMSetup.exe, 00000000.00000003.1947769791.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947178638.00000000042B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid
Source: BundleSweetIMSetup.exe, 00000000.00000003.1934475528.0000000002B1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMA
Source: BundleSweetIMSetup.exe, 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945571211.0000000004296000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943390567.0000000004296000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEM
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL
Source: BundleSweetIMSetup.exe String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918937740.000000000427A000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1918984515.000000000427A000.00000004.00000020.00020000.00000000.sdmp, Preferences.0.dr String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown HTTPS traffic detected: 13.249.98.125:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.249.98.125:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main Start Page

System Summary

Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/main.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/sweetim-toolbar.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/chevron.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/commands.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/config.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/contentmenu-handler.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/contentmenu.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/cookies.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/file.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/globals.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/highlight.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/history.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/install.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/logger.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/registry.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/release.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/search.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/searchguard.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/searchservice.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/splitter.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/stringbundles.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/tabinfo.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/tabinfo-array.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/tooltip.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/uninstallobserver.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/version.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/webprogresslistener.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/remote.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/dynamic.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/ppcbully.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/gui.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/inject.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/version-ff.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/findword.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/wait.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/addonlistener.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/addonmanager.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/global-namespace.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/messagebox.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/domainutils.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: chrome/sweetim-toolbar/content/generalobserver.js
Source: SweetIMToolbar.xpi.10.dr Zip Entry: components/SIMAutoCompleteSearch.js
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081D66C GetLastError,GetCurrentProcessId,CreateFileMappingA,MapViewOfFile,UnmapViewOfFile,NtConnectPort,CloseHandle,FindCloseChangeNotification,CloseHandle,OpenProcess,OpenProcess,GetCurrentProcess,DuplicateHandle,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,CloseHandle,ReleaseMutex,CloseHandle,CloseHandle,SetLastError
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081C98C LocalAlloc,NtReplyWaitReceivePort,NtAcceptConnectPort,LocalFree,GetCurrentProcessId,LocalAlloc,NtAcceptConnectPort,LocalAlloc,LocalFree,NtCompleteConnectPort,CloseHandle,SetEvent,EnterCriticalSection,LeaveCriticalSection,LocalFree,NtAcceptConnectPort,LocalFree,LocalFree,LocalFree
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081CCDC InitializeSecurityDescriptor,SetSecurityDescriptorDacl,LocalAlloc,NtCreatePort,LocalFree,EnterCriticalSection,LocalAlloc,CreateSemaphoreA,CreateThread,CreateThread,SetThreadPriority,SetThreadPriority,InitializeCriticalSection,LeaveCriticalSection
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081DC3A ReleaseSemaphore,NtConnectPort,WaitForSingleObject,TerminateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,LocalFree,LocalFree,CloseHandle,CloseHandle,DeleteCriticalSection,LocalFree
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081D664 GetLastError,GetCurrentProcessId,CreateFileMappingA,MapViewOfFile,UnmapViewOfFile,NtConnectPort,CloseHandle,FindCloseChangeNotification,CloseHandle,OpenProcess,CloseHandle,SetLastError
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081CB86 LocalAlloc,NtReplyWaitReceivePort,NtAcceptConnectPort,LocalFree,ReleaseSemaphore,LocalFree
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_007CCA30 ?CreateLowProcess@CVistaSupport@OSVista@@QAEHPBG0K@Z,wcslen,wcscpy,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,CloseHandle,ConvertStringSidToSidW,GetLengthSid,SetTokenInformation,CreateProcessAsUserW,WaitForSingleObject,CloseHandle,CloseHandle,LocalFree,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_00421166 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_007CC6F0 ?Restart@CShutDownManager@@QAE_N_N@Z,ExitWindowsEx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\48c209.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC380.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC4F8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC547.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{A81A974F-8A22-43E6-9243-5198FF758DA1}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICDA5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\48c20c.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID16F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID25A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID2C8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDA99.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\48c20d.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE99E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEAC8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB08.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB47.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\48c210.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEF30.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF7EB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF889.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF8B9.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC380.tmp
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeCode function: String function: 00404B30 appears 35 times
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: String function: 7C3630A4 appears 50 times
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: String function: 0080451C appears 65 times
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: String function: 008044F8 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeCode function: String function: 00427498 appears 243 times
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: P@...*OLESelfRegisterSpecialBuildProductVersionProductNamePrivateBuildOriginalFilenameLegalTrademarksLegalCopyrightInternalNameFileVersionFileDescriptionCompanyNameComments\VarFileInfo\TranslationUnknown@ vs BundleSweetIMSetup.exe
Source: BundleSweetIMSetup.exe, 00000000.00000002.2076548180.00000000042B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemgToolbarIE.dll$ vs BundleSweetIMSetup.exe
Source: BundleSweetIMSetup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 1714110143_4764703_750.tmp.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: mal60.phis.spyw.winEXE@39/504@21/9
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_00421166 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_007CC720 ?AdjustToken@CShutDownManager@@AAE_N_N@Z,GetCurrentProcess,OpenProcessToken,GetLastError,_CxxThrowException,LookupPrivilegeValueW,GetLastError,_CxxThrowException,AdjustTokenPrivileges,GetLastError,_CxxThrowException,wsprintfW,MessageBoxW,CloseHandle
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081E15C GetCurrentProcess,OpenProcessToken,GetTokenInformation,LocalAlloc,GetTokenInformation,LookupPrivilegeValueA,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,LocalFree,CloseHandle,FindCloseChangeNotification
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0081E143 GetCurrentProcess,OpenProcessToken,GetTokenInformation,LocalAlloc,GetTokenInformation,LookupPrivilegeValueA,LookupPrivilegeValueA,LookupPrivilegeValueA,AdjustTokenPrivileges,LocalFree,CloseHandle,FindCloseChangeNotification
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_004207E4 LoadLibraryA,GetProcAddress,lstrcpyA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,FreeLibrary
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_007BE200 ?URLEncode2@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@K@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,CoCreateInstance,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??_U@YAPAXI@Z,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z,??_V@YAXPAX@Z,??_V@YAXPAX@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_0040A454 FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\SweetIM
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\track[1].htm
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\{D564BB4E-74F6-4fd5-900A-313328F6DF9F}
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{EEE6C370-6118-11DC-9C72-001320C79847}
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File created: C:\Users\user\AppData\Local\Temp\1714110139_4760671_41.tmp
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BundleSweetIMSetup.exe ReversingLabs: Detection: 50%
Source: BundleSweetIMSetup.exe Virustotal: Detection: 37%
Source: unknown Process created: C:\Users\user\Desktop\BundleSweetIMSetup.exe "C:\Users\user\Desktop\BundleSweetIMSetup.exe"
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Process created: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe /s /w /v" /qn SIMHP=0 SIMSP=0 "
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A265C8E8A3BB4B1A10A4D9F720E583B6
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe http://sweetim.com,C:\Users\user\AppData\LocalLow\simcookies.dat
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" -AutoStartIM
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Process created: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe /s /w /v" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} "
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{B3CA5B4C-F637-458C-81D6-CD8DADBE9841}\SweetIESetup.msi" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} SETUPEXEDIR="C:\Users\user\AppData\Local\Temp"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F0CC6D3E1A3C8837D5C7D007B45C879F
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,7459701528248846225,13626864308159879949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgupdatesupport.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgcommon.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgconfig.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgadaptersproxy.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: msvcp71.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgsimcommon.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgcommunication.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgcommon.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mghooking.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgxml_wrapper.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgconfig.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: msvcp71.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mgxml_wrapper.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msvcr71.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mgsimcommon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mgcommon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mgconfig.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mghooking.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mghelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mgcommon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mgxml_wrapper.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msxml3.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mlang.dll
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe File written: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe Window detected: Agree && Continue > Disagree To continue the installation you must agree to the following terms of service agreement SweetIM provides aid when misspelling or incorrectly formatting browser address request. SWEETIM Technologies LTD. Thank you for installing SweetIM for Messenger and SweetIM Toolbar for browser SweetIM is certified as Trusted Download Program by TRUSTe END USER LICENSE AGREEMENT / TERMS OF SERVICE / AND PRIVACY POLICY IMPORTANT - PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY. THIS AGREEMENT SHALL GOVERN YOUR USE OF SWEETIM SOFTWARE SERVICE AND SITE. IF AFTER READING THIS AGREEMNET YOU WISH TO USE THE SWEETIM SOFTWARE WEBSITE AND ITS FEATURES PLEASE INDICATE YOUR ACCEPTANCE HEREOF BY CLICKING "I AGREE" AT THE END. Please note: (1) you MUST be 13 years or older to install or to use the SweetIM Software. If you are not yet 13 do not download SweetIM Software; (2) the SweetIM Software is not intended for use by or be available to persons under the age limit of any jurisdiction which restricts the use of Internet-based applications and services according to age. IF YOU RESIDE IN SUCH A JURISDICTION AND ARE UNDER THAT JURISDICTION'S AGE LIMIT FOR USING INTERNET-BASED APPLICATIONS OR SERVICES YOU MAY NOT DOWNLOAD INSTALL OR USE THE SWEETIM SOFTWARE AND YOU MAY NOT ACCESS THE SERVICES This combined End User License Agreement / Terms / and Privacy policy (The "Agreement") constitutes a valid and binding agreement between SweetIM Technologies LTD. (formerly known as Imvent Ltd) which governs the use of the SweetIM Website Software and its features (together with its affiliates successors and assigns "SweetIM") and you ("you" or "your") for the use of the SweetIM Software Network Content and Services as defined below. You must enter into this agreement in order to install and use such SweetIM Software.
When you download the SweetIM Software you will receive the following software features: 1. SweetIM for Messenger: An add-on toolbar that allows you to easily add fun content to your instant messenger conversations. This content is updated constantly and offers fun Emoticons Audibles Winks SoundFX Nudges Games special effects and more. 2. SweetIM Toolbar for IE and for Firefox: A toolbar that is located on your internet browser and allows you to: o Add SweetIM fun content such as emoticons texticons and other animations to web mail chat forums and social networks o Search the web through SweetIM Search powered by Google (described below). o SweetIM Search: allows you to search the web through: 1. A search box in the toolbar. 2. Default Search (for IE 7 and up and Firefox): Using the search box next to the address bar. Upon installation we offer you to use SweetIM search as your default search provider in IE 7 and up and Firefox. You can manually choose other search providers by clicking on the drop down button next to the search box. 3. Search Assistance: if you place a search query in the address bar or misspell an address this feature provides you with
Source: BundleSweetIMSetup.exe Static PE information: certificate valid
Source: BundleSweetIMSetup.exe Static file information: File size 4666160 > 1048576
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe File opened: C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll
Source: BundleSweetIMSetup.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x465200
Source: BundleSweetIMSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Imvent\Develop\Client\vc\output\release\mgconfig.pdb source: mgconfig.dll0.3.dr
Source: Binary string: C:\Imvent\Develop\Client\vc\SweetSDM\Release\SweetSDM.pdb source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\Release_bin\mgHelper.pdbh source: mgHelper.dll.3.dr
Source: Binary string: c:\SimOlderVersions\SIM 3.6\Client\vc\output\Release\mgICQMessengerAdapter.pdb source: mgICQMessengerAdapter.dll.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\output\release\mghooking.pdb source: mghooking.dll0.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\Release_bin\mgHelper.pdb source: mgHelper.dll.3.dr
Source: Binary string: msvcp71.pdb source: SweetIM.exe, SweetIM.exe, 00000007.00000002.1895639481.000000007C3C1000.00000020.00000001.01000000.00000010.sdmp, msvcp71.dll.3.dr
Source: Binary string: c:\Imvent\Develop\Client\vc\Toolbar\output\release\mgToolbarProxy.pdb source: mgToolbarProxy.dll.3.dr
Source: Binary string: c:\SimOlderVersions\SIM 3.6\Client\vc\output\release\mgICQAuto.pdb source: mgICQAuto.dll.3.dr
Source: Binary string: C:\Imvent\Develop\Client\vc\SweetSDM\Release\SweetSDM.pdb@ source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: msvcr71.pdb source: SweetIMSetup.exe, 00000001.00000002.1844516312.000000007C361000.00000020.00000001.01000000.00000011.sdmp, SweetIM.exe, SweetIM.exe, 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_004101BC __EH_prolog,lstrcpyA,lstrcpyA,lstrcpyA,LoadLibraryA,GetProcAddress,FreeLibrary, 1_2_004101BC
Source: 1714110143_4764703_750.tmp.0.dr Static PE information: section name: .stab
Source: 1714110143_4764703_750.tmp.0.dr Static PE information: section name: .stabstr
Source: mgAdaptersProxy.dll.3.dr Static PE information: section name: .SHARDAT
Source: mgHelper.dll.3.dr Static PE information: section name: .SHARED
Source: mgToolbarIE.dll.3.dr Static PE information: section name: .SHARED
Source: msvcr90.dll.3.dr Static PE information: section name: .text entropy: 6.922045894978299
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDA99.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID25A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE99E.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC380.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC4F8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF7EB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF889.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEF30.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2C8.tmpJump to dropped file

Boot Survival

Source: C:\Windows\SysWOW64\msiexec.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar {EEE6C35B-6118-11DC-9C72-001320C79847}
Source: C:\Windows\SysWOW64\msiexec.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} NULL
Source: C:\Windows\SysWOW64\msiexec.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} NoExplorer
Source: C:\Windows\System32\msiexec.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SweetIM
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeCode function: 1_2_00422B9D LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00422B9D
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIEB08.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID16F.tmp
Source: C:\Windows\SysWOW64\msiexec.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}\mgSqlite3.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIEAC8.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID25A.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIC380.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIF889.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIEF30.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIC547.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIF8B9.tmp
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1714110143_4764703_750.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIDA99.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIE99E.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll
Source: C:\Windows\SysWOW64\msiexec.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\mgSqlite3.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIC4F8.tmp
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dll (copy)
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIF7EB.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSID2C8.tmp
Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Evaded block: after key decision; graph_1-26880
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Evaded block: after key decision; graph_1-27128
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess; graph_5-5967
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Check user administrative privileges: GetTokenInformation,DecisionNodes; graph_7-50729
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; API coverage: 6.0 %
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; API coverage: 3.7 %
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Windows\System32\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\SweetIESetup.exe; File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_00413D18 __EH_prolog,GetTempPathA,FindFirstFileA,CompareFileTime,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_00422D97 CreateEventA,GetProcAddress,SearchPathA,GetModuleFileNameA,FindFirstFileA,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect,FindClose,FindClose
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_007B36A0 _IsDirectoryEmpty@4,wcslen,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,FindFirstFileW,wcscmp,wcscmp,wcscmp,FindNextFileW,FindClose,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,7_2_007B36A0
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_007B3800 DeleteFolder,wcslen,IsDirectoryFile,wcscpy,PathAddBackslashW,PathAddExtensionW,FindFirstFileW,FindNextFileW,wcscpy,PathAddBackslashW,wcscat,DeleteFileW,DeleteFolder,FindClose,RemoveDirectoryW,7_2_007B3800
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_10007070 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,RegQueryValueExW,wcslen,wcscat,_IsFileExist@4,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,RegCloseKey,?GetShellFolderPath@@YG?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_IsFileExist@4,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,RegQueryValueExW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,wcslen,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,wcscpy,PathStripPathW,wcslen,wcslen,wcslen,?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z,?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,FindClose,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z,?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB,wcslen,?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z,?SplitString@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@G
U?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@H@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,_wtoi,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,7_2_10007070
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_7C378DFA _wstat,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileW,wcspbrk,_wfullpath,wcslen,GetDriveTypeW,_errno,__doserrno,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_7C376DCB _findfirst64,FindFirstFileA,GetLastError,_errno,_errno,_errno,strcpy
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_7C377ED3 _stat,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileA,_mbspbrk,_fullpath,strlen,GetDriveTypeA,_errno,__doserrno,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_7C376FD6 _findfirsti64,FindFirstFileA,GetLastError,_errno,_errno,_errno,strcpy
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_0041AD16 GetVersionExA,GetSystemInfo
Source: VistaCookiesCollector.exe, 00000005.00000002.1791302329.00000000004DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
Source: BundleSweetIMSetup.exe, 00000000.00000003.1726120393.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1736669295.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2064156782.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2066491581.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1731561853.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712185619.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1969287489.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068807066.0000000002A54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: BundleSweetIMSetup.exe, 00000000.00000003.1726120393.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1736669295.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2064156782.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2066491581.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1731561853.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068807066.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2074530070.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712010420.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1720707154.0000000002A54000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
Source: SweetIM.exe, 00000007.00000002.1893598487.0000000000516000.00000004.00000020.00020000.00000000.sdmp, SweetIM.exe, 00000007.00000003.1892322214.0000000000516000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; API call chain: ExitProcess graph end node; graph_5-5969
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; API call chain: ExitProcess graph end node; graph_5-5952
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; API call chain: ExitProcess graph end node; graph_7-50628
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; API call chain: ExitProcess graph end node; graph_7-50709
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; API call chain: ExitProcess graph end node; graph_7-50294
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_00404DE4 GetProcessHeap,LdrInitializeThunk
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_004101BC __EH_prolog,lstrcpyA,lstrcpyA,lstrcpyA,LoadLibraryA,GetProcAddress,FreeLibrary
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_00817534 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_008179F5 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_00817A00 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe; Code function: 7_2_0080BDBC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_00404008 GetFileSize,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,ReadFile,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_0042E90F SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe; Code function: 1_2_0042E921 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; Code function: 5_2_0040480E SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe; Code function: 5_2_004047FA SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" -AutoStartIM
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exeCode function: 7_2_007B66A0 ?init@CMutex@@QAEXPAG@Z,??0CWinOsInfo@@QAE@XZ,?IsVistaOrLater@CWinOsInfo@@QBE_NXZ,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,CreateMutexW,CreateMutexW,CreateMutexW,GetLastError,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexW,GetLastError,GetLastError,wsprintfW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z,??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??_7CErrException@@6B@,_CxxThrowException,??1CWinOsInfo@@UAE@XZ,7_2_007B66A0
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exeCode function: 1_2_0042123B GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,1_2_0042123B
Source: BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1731380441.00000000042BB000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1731472873.00000000042C0000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941087262.00000000042AC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: SweetIMSetup.exe, SweetIMSetup.exe, 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp, SweetIMSetup.exe, 00000001.00000000.1745279311.000000000043D000.00000008.00000001.01000000.0000000A.sdmp, SweetIESetup.exe, 00000008.00000002.1913355012.000000000043D000.00000008.00000001.01000000.00000017.sdmp Binary or memory string: Shell_TrayWnd
Source: BundleSweetIMSetup.exe, 00000000.00000003.1918020280.000000000429D000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1917921416.0000000004296000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager!V
Source: BundleSweetIMSetup.exe, 00000000.00000002.2071455802.000000000045F000.00000040.00000001.01000000.00000003.sdmp, SweetIMSetup.exe, 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp, SweetIMSetup.exe, 00000001.00000000.1745279311.000000000043D000.00000008.00000001.01000000.0000000A.sdmp Binary or memory string: %sSetupLogFileNameSoftware\InstallShield\ISWI\7.0\SetupExeLogShell_TrayWndSplashTimeTahomaCancelMsi.dll%x,ALLCANCELDescriptionTitleMSlovenianBasquedefault%#04x0x0409.iniNoSuppressRebootKeyDotNetOptionalInstallIfSilentDotNetOptionalSETUPEXEDIRCertKeyCacheFolderCacheRootLocationTypeSuppressWrongOSSuppressReboot%.2lx" 00000000000000000000000000000000AM_OTP#xAM_CONTENTID="This program cannot be run in DOS mode.toys::file
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_0080D74C cpuid 7_2_0080D74C
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: GetLocaleInfoA,1_2_004213BE
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: GetLocaleInfoA,TranslateCharsetInfo,1_2_00421361
Source: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe Code function: GetLocaleInfoA,5_2_00408CF8
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: GetLocaleInfoA,7_2_00805570
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: ??0CWinOsInfo@@QAE@XZ,?GetPlatformId@CWinOsInfo@@QBEKXZ,?GetMajor@CWinOsInfo@@QBEKXZ,?GetMinor@CWinOsInfo@@QBEKXZ,?GetCSDString@CWinOsInfo@@QBEPBGXZ,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,wsprintfW,wsprintfW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,wsprintfW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,wsprintfW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??1CWinOsInfo@@UAE@XZ,GetLocaleInfoW,GetLocaleInfoW,??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z,??_V@YAXPAX@Z,7_2_10005490
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,strcpy,_itoa,7_2_7C370C1A
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: GetLocaleInfoA,atol,7_2_7C370DCF
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: GetLastError,malloc,malloc,free,_strncpy,free,__crtGetLocaleInfoW,isdigit,7_2_7C370FF0
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_00413EA3 __EH_prolog,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlenA,lstrlenA,lstrcatA,lstrcatA,wsprintfA,wsprintfA,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetSystemTimeAsFileTime,1_2_00413EA3
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_7C372E79 _lock,strcmp,free,strlen,malloc,strcpy,_strncpy,atol,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_local_unwind2,atol,atol,_strncpy,7_2_7C372E79
Source: C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe Code function: 1_2_00415269 GetVersionExA,GetTempPathA,GetWindowsDirectoryA,wsprintfA,1_2_00415269

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\searchplugins\sweetim.xml
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\searchplugins\sweetim.xml

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\user.js
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\searchplugins\sweetim.xml
Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-wal
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\prefs.js
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\BundleSweetIMSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\user.js
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_004C3B60 ?OnStopBinding@CBSCallbackImpl@@UAGJJPBG@Z,7_2_004C3B60
Source: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe Code function: 7_2_004C3BA0 ?GetBindInfo@CBSCallbackImpl@@UAGJPAKPAU_tagBINDINFO@@@Z,7_2_004C3BA0

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 4 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 31 Obfuscated Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 11 Browser Session Hijacking | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 11 Registry Run Keys / Startup Folder | 11 Access Token Manipulation | 11 Software Packing | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 12 Process Injection | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 File Deletion | LSA Secrets | 46 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 111 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Access Token Manipulation | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

Behavior Graph ID: 1431987, Sample: BundleSweetIMSetup.exe, Startdate: 26/04/2024, Architecture: WINDOWS, Score: 60

Source | Detection | Scanner | Label | Link
BundleSweetIMSetup.exe | 50% | ReversingLabs | Win32.PUA.SweetIM |
BundleSweetIMSetup.exe | 38% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe | 35% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgArchive.dll | 22% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll | 24% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll | 22% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll | 23% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll | 25% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll | 27% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll | 33% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mglogger.dll | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll | 21% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe | 30% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe | 32% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll | 26% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll | 27% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll | 24% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll | 27% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll | 24% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll | 25% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll | 22% | ReversingLabs | Win32.PUA.SweetIM |
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll | 24% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\1714110143_4764500_750.tmp | 17% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\1714110143_4764625_750.tmp | 16% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\1714110143_4764703_750.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\SweetIESetup.exe (copy) | 16% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe (copy) | 17% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\sqlite3.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}\mgSqlite3.dll | 21% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe | 18% | ReversingLabs | Win32.PUA.SweetIM |
C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\mgSqlite3.dll | 21% | ReversingLabs | |
C:\Windows\Installer\MSIC380.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC4F8.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIC547.tmp | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSID16F.tmp | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSID25A.tmp | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSID2C8.tmp | 29% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSIDA99.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE99E.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEAC8.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIEB08.tmp | 21% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSIEF30.tmp | 24% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSIF7EB.tmp | 21% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSIF889.tmp | 21% | ReversingLabs | Win32.PUA.SweetIM |
C:\Windows\Installer\MSIF8B9.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | 0% | URL Reputation | safe |
http://api.autocompleteplus.com/?q= | 0% | Avira URL Cloud | safe |
https://drive.go | 0% | Avira URL Cloud | safe |
https://docs.googl | 0% | Avira URL Cloud | safe |
http://home.swee | 0% | Avira URL Cloud | safe |
https://bridge.lga1.a | 0% | Avira URL Cloud | safe |
https://imp.mt48.net/static?id=7 | 0% | Avira URL Cloud | safe |
http://api.autocompleteplus.com/?q= | 0% | Virustotal | | Browse
https://www.amazon. | 0% | Avira URL Cloud | safe |
https://storage2.stgbssint.com/Search/SearchApplication/Resources/Images/Search/closeSprite.png | 100% | Avira URL Cloud | malware |
http://home.sweetim.comhttp://search.sweetim.com/search.asp?src=6&q= | 0% | Avira URL Cloud | safe |
http://www.sweetim.com0 | 0% | Avira URL Cloud | safe |
https://www.amazon. | 0% | Virustotal | | Browse
https://bridge.lga1.ap01.n | 0% | Avira URL Cloud | safe |
http://127.0.0.1/test/rc_tb.html | 0% | Avira URL Cloud | safe |
https://support.micr | 0% | Avira URL Cloud | safe |
http://www.aim.comSweetIM | 0% | Avira URL Cloud | safe |
http://sweetim.comAnalyzeCookieslogDllVersion. | 0% | Avira URL Cloud | safe |
http://www.macrovision.com0 | 0% | Avira URL Cloud | safe |
https://se-p-static-content.seccint.com/search/images/homepage/button_bg.png | 0% | Avira URL Cloud | safe |
http://sweetim.comREFERRALID | 0% | Avira URL Cloud | safe |
http://sweetim.com2;C: | 0% | Avira URL Cloud | safe |
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9 | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
d1p1fga02t8l00.cloudfront.net | 108.157.173.24 | true | false | | high
www3.l.google.com | 192.178.50.46 | true | false | | high
d1a7vclbryqy69.cloudfront.net | 13.249.98.125 | true | false | | high
www.google.com | 142.250.217.228 | true | false | | high
googlehosted.l.googleusercontent.com | 192.178.50.65 | true | false | | high
dw0k3g0iqpx8s.cloudfront.net | 13.249.98.78 | true | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
se-p-static-content.seccint.com | unknown | unknown | false | | unknown
storage2.stgbssint.com | unknown | unknown | false | | unknown
www.sweetim.com | unknown | unknown | false | | high
chrome.google.com | unknown | unknown | false | | high
content.sweetim.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; | false | | high
https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} | false | | high
https://www.sweetim.com/favicon.ico | false | | high
https://storage2.stgbssint.com/Search/SearchApplication/Resources/Images/Search/closeSprite.png | false | Avira URL Cloud: malware | unknown
http://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; | false | | high
https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; | false | | high
http://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} | false | | high
https://se-p-static-content.seccint.com/search/images/homepage/button_bg.png | false | Avira URL Cloud: safe | unknown
                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://developer.mozilla.org/en/Extensions/Bootstrapped_extensions)addonlistener.js.10.dr, addonlistener.js0.10.drfalse
                                        high
                                        http://search.sweetim.com/redir.asp?pid=7&amp;q=%sim_search_combosweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drfalse
                                          high
                                          https://bridge.lga1.aBundleSweetIMSetup.exefalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.sweetim.com/installbar.asp?barid=$toolbar_id;toolbar.xml.3.drfalse
                                            high
                                            http://www.sweetim.com/uninstallhelpff.aspglobals.js1.10.dr, globals.js0.10.drfalse
                                              high
                                              http://info.sweetim.com/privacy-policy/chromecache_795.15.drfalse
                                                high
                                                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.BundleSweetIMSetup.exe, 00000000.00000003.1948585972.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947911162.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935188702.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946152544.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946475050.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942957332.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947694690.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942852451.00000000042C7000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935924437.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934723785.00000000042B3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1935593919.00000000042A4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944176269.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947806512.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946074746.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934003704.00000000042A8000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942781086.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1946308990.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947731414.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947620062.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1934221488.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944457193.00000000042C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://api.autocompleteplus.com/?q=chromecache_795.15.drfalse
                                                  • 0%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://developer.mozilla.org/en/docs/How_to_implement_custom_autocomplete_search_componentSIMAutoCompleteSearch.js1.10.dr, SIMAutoCompleteSearch.js.10.drfalse
                                                    high
                                                    http://search.sweetim.com/redir.asp?pid=14&amp;q=%sim_search_combosweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drfalse
                                                      high
                                                      http://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948BundleSweetIMSetup.exe, 00000000.00000002.2076285085.0000000004281000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2069638260.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073522009.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2068998373.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2073166287.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2065627810.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.2061543965.0000000002A54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://drive.goBundleSweetIMSetup.exe, 00000000.00000003.1931108151.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931357660.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932783884.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932818795.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1933055444.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1933341291.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1931614131.00000000042C5000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1933188058.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1933228210.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1932983840.00000000042B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://search.sweetim.com/redir.asp?pid=2&amp;q=%sim_search_combosweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drfalse
                                                                                                                                                                    https://cdn.ecosia.org/asseBundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://forums.mozillazine.org/viewtopic.php?f=27&t=656397cookies.js0.10.dr, cookies.js1.10.dr, cookies.js.10.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.sweetim.com/helpBundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1675117885.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000002.2071455802.000000000045F000.00000040.00000001.01000000.00000003.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1674858263.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1712010420.0000000002A3C000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1674811988.0000000002A4D000.00000004.00000020.00020000.00000000.sdmp, 48c209.msi.3.dr, SweetIESetup.msi.8.dr, 48c20d.msi.3.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://search.sweetim.com/redir.asp?pid=6&amp;q=%sim_search_combosweetim-toolbar.xul.10.dr, sweetim-toolbar.xul1.10.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.sweetim.com/help_contact.aspglobals.js1.10.dr, globals.js0.10.dr, toolbar.xml.3.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9BundleSweetIMSetup.exefalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.sweetim.com/uninstallbar.asp?barid=%toolbar_idglobals.js1.10.dr, globals.js0.10.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=625319SIMAutoCompleteSearch.js1.10.dr, SIMAutoCompleteSearch.js.10.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://sweetim.comVistaCookiesCollector.exe, 00000005.00000002.1791302329.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, VistaCookiesCollector.exe, 00000005.00000002.1791260931.0000000000450000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icohtBundleSweetIMSetup.exe, 00000000.00000002.2075447475.000000000332C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://search.sweetim.com/?src=6&amp;q=BundleSweetIMSetup.exe, BundleSweetIMSetup.exe, 00000000.00000003.1945077551.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944736609.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945416513.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946637880.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942817662.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948776353.00000000042C0000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941087262.00000000042AC000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1948421204.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1941207681.00000000042B4000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943216817.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947394238.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1943178865.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944813184.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1949217415.00000000042C1000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1945116548.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 
00000000.00000003.1946152544.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1946475050.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1942957332.00000000042BD000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1944176269.00000000042C2000.00000004.00000020.00020000.00000000.sdmp, BundleSweetIMSetup.exe, 00000000.00000003.1947806512.00000000042C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://sweetim.com2;C:VistaCookiesCollector.exe, 00000005.00000002.1791537351.0000000000AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                        low
                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
192.178.50.46 | www3.l.google.com | United States | 15169 | GOOGLEUS | false
192.178.50.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false
13.249.98.78 | dw0k3g0iqpx8s.cloudfront.net | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
13.249.98.125 | d1a7vclbryqy69.cloudfront.net | United States | 16509 | AMAZON-02US | false
13.249.98.124 | unknown | United States | 16509 | AMAZON-02US | false
108.157.173.24 | d1p1fga02t8l00.cloudfront.net | United States | 16509 | AMAZON-02US | false
IP: 192.168.2.4
                                                                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                        Analysis ID:1431987
                                                                                                                                                                                        Start date and time:2024-04-26 07:41:28 +02:00
                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                        Overall analysis duration:0h 10m 55s
                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                        Report type:full
                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:18
                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                        Technologies:
                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                        Sample name:BundleSweetIMSetup.exe
                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                        Classification:mal60.phis.spyw.winEXE@39/504@21/9
                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                        • Successful, ratio: 75%
                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                        • Successful, ratio: 99%
                                                                                                                                                                                        • Number of executed functions: 176
                                                                                                                                                                                        • Number of non-executed functions: 259
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 72.21.81.240, 192.229.211.108, 192.178.50.35, 142.250.217.206, 172.253.123.84, 142.250.217.202, 142.250.64.170, 172.217.165.202, 172.217.3.74, 142.250.217.170, 192.178.50.42, 142.250.64.138, 192.178.50.74, 142.250.217.234, 142.250.189.138, 34.104.35.123, 172.217.15.202, 172.217.2.202, 142.250.64.202, 142.250.64.234, 142.250.189.131
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
• Execution Graph export aborted for target BundleSweetIMSetup.exe, PID 6936 because there are no executed functions
                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
06:42:32 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SweetIM C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
07:42:36 | API Interceptor | 4x Sleep call for process: BundleSweetIMSetup.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                              • 23.193.120.112
                                                                                                                                                                                                              https://ndw5xvotehflt.pages.dev/smart89/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.85.23.86
                                                                                                                                                                                                              • 23.193.120.112
                                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              ad.msiGet hashmaliciousLatrodectusBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              Document_a19_79b555791-28h97348k5477-3219g9.jsGet hashmaliciousLatrodectusBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              360total.dll.dllGet hashmaliciousLatrodectusBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              ad.msiGet hashmaliciousLatrodectusBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              SecuriteInfo.com.Win32.Malware-gen.9746.16728.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              ProconGO1121082800.LnK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              Version.125.7599.75.jsGet hashmaliciousSocGholishBrowse
                                                                                                                                                                                                              • 13.249.98.125
                                                                                                                                                                                                              No context
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):34112
                                                                                                                                                                                                              Entropy (8bit):5.796495360213887
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Nw9baw/tqqw31HFcnvfBuzyaD7Jn52zXYFu5J5N01kJRC:NQaw/tVw3jooTIbHe
                                                                                                                                                                                                              MD5:AAE3B52E5DAA9A65BC625EADE50A44B4
                                                                                                                                                                                                              SHA1:AF595106221F69142406D996686115EB92DD8944
                                                                                                                                                                                                              SHA-256:BCD020DE3BEED025DCB8EF31579371D6121E64D5A9D0BDEE315808FDFC6CD554
                                                                                                                                                                                                              SHA-512:D7F34877E3C70001E80FAA17783BAE07A3BBF601026662993793240183E86C1A65A9FCC9F826ACEF297B5709786502A56D40C0D4391F8C84F6E8CC7DE35FFE7F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:...@IXOS.@.....@P=.X.@.....@.....@.....@.....@.....@......&.{A81A974F-8A22-43E6-9243-5198FF758DA1}..SweetIM for Messenger 3.6..SweetIMSetup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{88655337-61D8-45FF-9B01-BB29C2AAFDE6}.....@.....@.....@.....@.......@.....@.....@.......@......SweetIM for Messenger 3.6......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7D8D174B-3913-4B63-AC98-73E40D7D8B60}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{3FE7B4A9-F987-4178-919D-0352382BC051}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{2C982089-08F2-4C7A-BB39-32CD1652E5E4}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{C50A8E86-DD06-4529-95D1-DB619CE4DDFB}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{305C457F-A573-4331-B422-83E881FD8EE7}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{E0B676BA-E9B1-40AF-B9F9-D7DD9A467543}&.{A81A974F-8A22-43E6-9243-5198FF758DA1}.@......&.{58338CDF-
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19798
                                                                                                                                                                                                              Entropy (8bit):5.711677637475957
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:i1g+RuNxbAU+CWpZovNPMbbHHaN1JW8z/xZ7y8i+DZ45C9xNF26KIDZWtCnxhvu2:0mmCaSlHb/3BuwkuwKmeF
                                                                                                                                                                                                              MD5:66FCED6EE0370751F23ECCF7F92F810A
                                                                                                                                                                                                              SHA1:E7514410463528B8D0E6CE16E6AA6558AE64F931
                                                                                                                                                                                                              SHA-256:CBCADA4F1DBE05A7706F0580103CBDEB1C94434AB9F540FC85018A3222809932
                                                                                                                                                                                                              SHA-512:119115FF3908D8BB83528A69FB27978731CA4883C4D4F68D31605245A41A7815DCBCA44C61528B25105D4F9A1E2B9F0560EC603C20ACBCD29B1B65C06D1F789F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:...@IXOS.@.....@S=.X.@.....@.....@.....@.....@.....@......&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}).SweetIM Toolbar for Internet Explorer 4.2..SweetIESetup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{F44840C4-6708-42BA-807E-138D61C83EB9}.....@.....@.....@.....@.......@.....@.....@.......@....).SweetIM Toolbar for Internet Explorer 4.2......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B655F7E9-422F-408D-9DA6-690F6F437498}&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}.@......&.{097CDE68-E405-4381-BD2C-C0A94023F82D}&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}.@......&.{DF3F12EC-2B75-4144-8208-FE511A561A65}&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}.@......&.{6B8676E2-D239-4211-830F-745CD4816053}&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}.@......&.{33FAD51D-022C-419F-861A-7D5DC713CA7D}&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}.@......&.{E588F4FB-4EED-4465-BEE1-C0990E613299}&.{A7BC02AF-1128-4A31-BCF8-1
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):123184
                                                                                                                                                                                                              Entropy (8bit):5.6531883654688135
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:TnwPks2TwO+Iydk233dHeeeR/IZvN5I5KplH1KvuRVo4v:TnwPkzlv233d+RwZLHlH1Kc
                                                                                                                                                                                                              MD5:2522191078E80AE1BBBC7EF51D54D4D9
                                                                                                                                                                                                              SHA1:E43E49734BD1129A597A1F852E2A68AE97B825A6
                                                                                                                                                                                                              SHA-256:835DACFCB1E13DA99672C6C46035587CB7A183014D1F218F8DCEB7B725BA5384
                                                                                                                                                                                                              SHA-512:2C0819EDB39F63142D3CD7EA486B356E0A727D5C841F4F4C0FE786CD1984B40893A6F704602E9AAD16F8653BE1FAD8BF6BBA2FE00395000B75E3B4F0771DEC71
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 35%
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):114992
                                                                                                                                                                                                              Entropy (8bit):5.109750616038281
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:nfRXjWg1g9crILp1sM5Y+eFuyfP+7zASkWTtNRnhYJ+uUJppUaWo42:Bzm1sV+etPUASkW5NgJ+FUC
                                                                                                                                                                                                              MD5:15A4D1A8C15CB3C0C13C3F36899475E6
                                                                                                                                                                                                              SHA1:C7C8F02263509248FE139E07C4B7A1A281ECA1C7
                                                                                                                                                                                                              SHA-256:1EF7B897D41608A79ADF62A4252E8376A1EFC9E5A1CA9055AC577E36664D0919
                                                                                                                                                                                                              SHA-512:03138A16AB143DD204C94BA648D738CBED826384DF90347C51916D5F9527CA2BFAB13BE511D0BAB3E95803C36A4099E1D7CC28DEF7364184DA1FB5520C9E5443
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):462
                                                                                                                                                                                                              Entropy (8bit):5.014952940002876
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMHdoIzuqDUbD54nBKZy4nBA+mO2CT4nBiU4nBTl7DT4nB30:2dVzuqidOBOA+kCTOfOTlTO30
                                                                                                                                                                                                              MD5:4A93F75295BA23D7CE7E39FFF5BDBDD5
                                                                                                                                                                                                              SHA1:55F76E394BEFFD52861FD65D3010267588F2D3C0
                                                                                                                                                                                                              SHA-256:34EB3FAFA9F5A9E754ABFC0A0334EC9B5AB83317DACA150FCD2104723763911A
                                                                                                                                                                                                              SHA-512:57D5E6B319465E5F3B4251656E87C30424093FC5C3181E030A5832D8296479DD15A118F93C41A39FA177D16653C2C3DAE4F25999EDF73E7F139B2A0B7791CFCA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->....<Main>...<ConfigFiles.. LoggerConfigFilePath="$data_dir\conf\logger.xml" .. AdapterConfigFilePath="$data_dir\conf\adapter.xml" .. SweetIMConfigFilePath="$data_dir\conf\sweetim.xml".. SweetIMAppConfigFilePath="$data_dir\conf\sweetimapp.xml".. AutoUpdateConfigFilePath="$data_dir\conf\autoupdate.xml"/>..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26928
                                                                                                                                                                                                              Entropy (8bit):6.305622718915669
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:54iSq58lppUcPoCAi1PTLithGAq/yINTsXuTYJLca6j1q33eMkc7kz:54iSq50UcQCAGPTeGb/cXuSLFm4NIz
                                                                                                                                                                                                              MD5:D74C378C65BA6775A087F38606B774BE
                                                                                                                                                                                                              SHA1:8DDDF5F5F0E1D431C3867E404696A452D2480BE9
                                                                                                                                                                                                              SHA-256:2ABDCC9E5FC5A5C1C5B2489E805190F90687E8C81CA1CC90704BAFBC2CF56F38
                                                                                                                                                                                                              SHA-512:281B3B9491B5AF9C9320E1985F7764F28CC176F9A228382CD2EC514A4440411523D5E2E0384B9A8B0E6CC429F3822E1DBB338B221D86C25ACE83DD89E33AFDA3
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):43312
                                                                                                                                                                                                              Entropy (8bit):6.447993602664435
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:StwifonAxmh/Z3PnIr8m6M8UAt7zBwNmhNk99aJ0qey1X4txPT8YEgLFm4P7:u1wnAxmBZ3Pvm6M8UAt7xNk99m0qeGX4
                                                                                                                                                                                                              MD5:C99FE89C079AF526095C64DED4DF80CD
                                                                                                                                                                                                              SHA1:1E9B724A77188063B44A50B21CB6C7FF9761AA80
                                                                                                                                                                                                              SHA-256:A5FCE6C2E780EADBD24229B841164E9F8EBC4D857BE60D82A51A1E9C53E97C0E
                                                                                                                                                                                                              SHA-512:9890565BE65D13644C7EADE5D63263C0B806E0391EA706ABCC7FCD3B93D6981614E7F298032CD1DE60C59FE9C28355EFAFE97D6DAD901A38D1AC8310019D1C75
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 22%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):151856
                                                                                                                                                                                                              Entropy (8bit):6.07331429118849
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:xqmCev3BSnb6cdSmxsfDKz7uokGS49dwhEP8oMykRDPwUKo4A:xq9eWucdSmxsfDpokGS49dwhEP8o6R9
                                                                                                                                                                                                              MD5:EEAF844217A5BA3FD233E08B796088AB
                                                                                                                                                                                                              SHA1:19B3FD71F2E3635B44AE88B7B081789E557C992C
                                                                                                                                                                                                              SHA-256:5427071D86C57CA70A36AE238C556FE14AE97DD6744E162B09A47223069B24D7
                                                                                                                                                                                                              SHA-512:4BAFC1DD1FD26C4300C9BC46247708C769CFBD9050A474D7EBA142B16BDB302FCB6E5E117AE39BE8A4C14BFA09DB0947CF878A299D6CFC176C44BB2C7446E5DC
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):172336
                                                                                                                                                                                                              Entropy (8bit):6.107700126005232
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:dGcL35IIGfGzVXNP0PTidLbzRIF4qTY+YUE8eKAgc2X:tlpqM+YUreKlc2X
                                                                                                                                                                                                              MD5:DB522A7179B9EA8EC817E8C748349EF5
                                                                                                                                                                                                              SHA1:06B870CF458D88376C40E90931F5320E28A43878
                                                                                                                                                                                                              SHA-256:23E0598E26F10AC7815CEC0149D4609605F7701E3E53F743460169E50C592CE1
                                                                                                                                                                                                              SHA-512:99334DC2361C78512195B540DABF6121266335C83ED2A423ABAC924949BAB709CA36530A64BE4EABC4C16895681B169C61F97C98B6199758DD0083715F9C1F93
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):303408
                                                                                                                                                                                                              Entropy (8bit):6.190684897309082
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:HU3gzYpvI+AY3sbsC5X3IB/8Cknjl5NVj/R94jjLKM9uefGUaVf2U2IHwKkehe1m:0WY3srldYGUefd2IHD01iLvSCtRF8Igi
                                                                                                                                                                                                              MD5:68A813528EDC76B73AEE10FC0EE11EC1
                                                                                                                                                                                                              SHA1:CC28370E1E684BB933FCA4CBD3966CB6097A213F
                                                                                                                                                                                                              SHA-256:70F356AD5EC9E11E53D6566B3281BED715CA6461E248700C3C406872DE0EEDE5
                                                                                                                                                                                                              SHA-512:CF784E7B346483C1C3FE4B03EAB1F04FC66F1F1310DFCE33E7BC28DA064BEC9FB1A4279F34FEBA0AC79F423676BE5ABEC462A2B883D6522A360C28CE86D1DC43
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):82224
                                                                                                                                                                                                              Entropy (8bit):5.783241323362956
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:sKK7qylKnoBpeQf8oYx1eLNvOLhqDUnyKBE1S0ZXrdFpHWF/nblU5a667rlrWLFu:sL7TOgeQf8FxoJGhsdX+by5T67rlao4k
                                                                                                                                                                                                              MD5:0CF54C94CBECBD7A675D841BE4F53CDF
                                                                                                                                                                                                              SHA1:D54F0AD87F806CE8533197294057B9A9EA53651C
                                                                                                                                                                                                              SHA-256:C630C04369818902FB1608FBF072CBEFBB7E91B286E1256F7F51D7BFC91A85BC
                                                                                                                                                                                                              SHA-512:0E716A79F6DC97D64ECA029F00C06F03DAE37436BBA1072AF4E64CBE7020BCB197B916A472CB72E821BC90A428AA972017854C905331106BB07A589D3DA17D61
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):44336
                                                                                                                                                                                                              Entropy (8bit):6.366902731891143
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:vKgrJQibQP+uSSuwSv7Wnf8wQxNgSelBWTOLFm48:vKgreIYO7Wf8w0zGBWyo48
                                                                                                                                                                                                              MD5:489CA8A6A5A732A598D50E97E8471633
                                                                                                                                                                                                              SHA1:3699FD8A24AD1927522B457D132395647BAF4B04
                                                                                                                                                                                                              SHA-256:B1A2D4C0ABF5EA7372A8DF0E861DD1ED14C3D39A1F4CCB7B8A1F1DC0CBEAB8DF
                                                                                                                                                                                                              SHA-512:9D6B9FF6E9B1DB564A707A095F2B687E668864054C75139C4DF6BFA4B838AC9AD390ACA73B4C1D70E1E6877A8E4CEF04C167B5093BA939D77663F64CF4BC26F1
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):414000
                                                                                                                                                                                                              Entropy (8bit):6.1804525885022645
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:Ng/42m9i59iEj1Y/0oIN6Zxwetzo9zUqfr0SFQPBs5OVjDq:Nob9iEj1Y/0H6TdSFQmyDq
                                                                                                                                                                                                              MD5:C1BE6D9B4E86AF5A2BD1B3A8B3C88338
                                                                                                                                                                                                              SHA1:B3811858A4E998C2E5B9154BF6C607909F1C761D
                                                                                                                                                                                                              SHA-256:113C84B4ED3D0E5D5CA9469C4973C35D16877DDEF010333F3E953376605F0A57
                                                                                                                                                                                                              SHA-512:1FD3831122619DC1165A2ABCE77E616072F85F105F50AB85DB95F60D56FD72B96DE217D8A6F196EEDB75A9A5AC1E4E91B698684F95C3ED74CB120677FC13B919
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 22%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):626992
                                                                                                                                                                                                              Entropy (8bit):6.2198102214919215
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:Bh48Tp5bVszs94qIXLzf5p18xhdDb/RCoq:T48Tp5Lqq8Rs3dDb/9q
                                                                                                                                                                                                              MD5:9470CBD794AEFDF137CDFDB858B869BC
                                                                                                                                                                                                              SHA1:36C4145249AFD45080DC1332A1E81915955449A3
                                                                                                                                                                                                              SHA-256:D61F966704DAFD381B0C9E737E76237E673D23F02E786D771128292955C110A2
                                                                                                                                                                                                              SHA-512:8504D84B92DC4F413436E0A069A0ACE45E1C030064026719FA46225FD27ADAA7430290CFFD867801BE32B41317CBABF756BE4437627E23A3A5877E462E95C373
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 23%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):282928
                                                                                                                                                                                                              Entropy (8bit):6.466000813422872
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:5noUsw7dtQtR6uGwejYBejDQ9qeM9qei5rfEdS9Rd+RdmD9lX8tB8wrPs+C:5oUlhub4awrPs+C
                                                                                                                                                                                                              MD5:82B342D1E5DC79F697E6206994017E5C
                                                                                                                                                                                                              SHA1:2EB55CE5CCE8D3445F64359F954D55B1EAA35CC3
                                                                                                                                                                                                              SHA-256:BAF6D6CAF3C455AE1ED4D0C76CDC2828F0888069A1CCD3595D14BD24F6CA87B3
                                                                                                                                                                                                              SHA-512:2F3E6458C86C3D4F55B62094DAEF6E134D9154017E3CE960C04C0167080D6B1C109A737C5DCA8EC59DD26AE093A58ABC60C421BD40249F7F3A0D5B39ACD6403F
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):90416
                                                                                                                                                                                                              Entropy (8bit):5.464548406867268
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:w8HbJRAhIOsA0GA2lcGe2Nolv5hN4OZXdTauNdq0NKcWALFm4h:wK0IOsA09GGlrN4IT3NU0NKcro4h
                                                                                                                                                                                                              MD5:62915C83847B316AF528CD779A9C4316
                                                                                                                                                                                                              SHA1:7270C734D80B4D6CF6EEAFE7108BA84073EEB541
                                                                                                                                                                                                              SHA-256:E03BC8F3852CC35C5FA83890D609538EC6ACAB28710A0215EE204CACF686FC05
                                                                                                                                                                                                              SHA-512:7370802AEDED3C56372E45FAB13A262BB47630AE254E493B99AFBC7E7427F195C6AE63A82178C3D25888B0D7A911ADAC05B4852260EF8EC16D3D1E46E354A336
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):176432
                                                                                                                                                                                                              Entropy (8bit):5.944826993695125
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:HWBpDo9Hvb3fY3A4iBscQrHLhpcM3Ha8xd0getpSBsfhdfFUuSf/TfjIwbJs9I8n:H+pjw4d/r33HaOnetp8W03IwbJswe
                                                                                                                                                                                                              MD5:76ECD026609504785CCF48529EF91401
                                                                                                                                                                                                              SHA1:9F92D402C2B0763BE1AB7C354A6B467380FDD285
                                                                                                                                                                                                              SHA-256:E2C5CB1B09C39ACFD64B63754BEB1C1ACD389BA0CA0E8D93965012C7A77208E0
                                                                                                                                                                                                              SHA-512:9A330059347C75BBE5EEEDFAC64749FD3A4A08DC5E319A1E7E5245F7C22A88E343354247CA29ABAD26F921135AAE3BA8604D694E9B192611CBDA9815C20EE491
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):282928
                                                                                                                                                                                                              Entropy (8bit):6.3365930758329165
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:p155cF4U7G/+F1If/6JpSl57TLjbzrD7TLjbzrnoma5+zanBxV7d9EGWy/X/rUNR:loX5+yBzTLWSXDUm8b
                                                                                                                                                                                                              MD5:E68A5E68F3171EC36ADAD75AE6DEF903
                                                                                                                                                                                                              SHA1:050B5A22D59178CAC150CC6F00B26A6E72117B2C
                                                                                                                                                                                                              SHA-256:4038137DB80A3E86BA73DB830AED68EDA2C0E005E4A717613A005B503A5D2302
                                                                                                                                                                                                              SHA-512:C4A92540EE49E199170656BAB47A8075DB5FE65F9D99BDCD7FEB73FDE8C93DE87C545350A2550C0E0A4C4740288741819B29262FC4FC70CF086C41589B4ECB86
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):36656
                                                                                                                                                                                                              Entropy (8bit):6.566288110740887
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:KO0jnLoBH8u0THymTvkHAqC3qmOuV8pxXQuYa940mvxDW9vXQgJOv+eN56JYJLc5:sjcj0THnIm0RXQVZ3D2eqkLFm4W
                                                                                                                                                                                                              MD5:AAD164AB006844D07B8F9F8E0BEDC1BD
                                                                                                                                                                                                              SHA1:B9ABA571D3ABA1CCD0B49BACC1465FA6258FFB0B
                                                                                                                                                                                                              SHA-256:81DAB7F6C941092C3CDE11F9C4CDB66CCB32B28FD17CF2D214396CA8F8FE4863
                                                                                                                                                                                                              SHA-512:E7CE7540FE57652C9BBCD43B827CB941A9AEB066BE809D543AC697BCCB3136EB57DE3C789B7C48037CA83091268715FC7B81302AAF2BF079F1D733CA47F32280
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65840
                                                                                                                                                                                                              Entropy (8bit):5.346825771977272
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:qQMs0Ur3Y5Zvv97N6xAJmeaHlxZFS7/yeQFfNc+nplbPxn7ATOBvZz+RyZJWiD/b:8s/cBvBPzk7oQF177t3bJhD/tZXLFm4H
                                                                                                                                                                                                              MD5:704ECEF0D485725348E11F39B2D0F0FA
                                                                                                                                                                                                              SHA1:8AAEB423A54294EBE40C6179923D762AE10E7A1D
                                                                                                                                                                                                              SHA-256:E6DB2E99BF1D23753E885FE6619A39C1834B3AD5209D180F8F92FECEE86E3AC2
                                                                                                                                                                                                              SHA-512:27E8EFE636C6BF12820E49E1C6C10FF42C7A910225FD3F93FAAFC73880A11311BC04C9489CD8EA9F2339AC6FBA87695ED23A4753F52157653C18D75BA5C1C6DE
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):168240
                                                                                                                                                                                                              Entropy (8bit):6.137096654586006
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:uEFrpHLQXKo9LL7aJxNNowUEQDYWZ12PxZy7N8QOFijA:hprmKULL+xTJy7N8QW
                                                                                                                                                                                                              MD5:B7A60ED4FA88D630E14E51D5D85F25EB
                                                                                                                                                                                                              SHA1:5F6B7B23624779F0D196BFBC3B5AEE872FBB832F
                                                                                                                                                                                                              SHA-256:3F36088D34586D2F052A5B6360930EFCA972D9E854745B1F1B2FBC8F7BA67F98
                                                                                                                                                                                                              SHA-512:531EB806F6AA25522B36B365399AF84648E7AFE50E269184F951059D22C32AC6E334AA163DA6259803AD0D8913CEA6BD6328365F9084062141D684E177C26BF4
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):37680
                                                                                                                                                                                                              Entropy (8bit):6.111808444854254
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:qN7HU86igSN7aPN9e+AZZpJyL6lcyJuEUjDqb70MLFm4L:s08ZgSN7aPN9e+UyL6lcyJlUjDqb70Mv
                                                                                                                                                                                                              MD5:9C0ABC7CCC700856139274539B703C3F
                                                                                                                                                                                                              SHA1:A10BC23441A65123A86249EE21FC991AECD68AE9
                                                                                                                                                                                                              SHA-256:18C6CA0289D20DA99A91660C89921278217E9BCC6AE12CF793EA90E32EAC967C
                                                                                                                                                                                                              SHA-512:04872EAF3DAC8A30D60704D06B6B65F356D21EA2CADCA636D9E3FC20C62A126A1230D8D8D5D6F723B77A84D3FAA655CA8433C361DEEA556F62EE70C4B600C443
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49456
                                                                                                                                                                                                              Entropy (8bit):5.0078585953099495
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:8Ky1DWhw0+MD3DEgFjceMhcCorMDMT30UD9aLFm4Sjo:8x1DWhw0+MDTEgFjcelyCEUIo4mo
                                                                                                                                                                                                              MD5:0CA4193DC3D47E2C6B03FCFBFA83EE8E
                                                                                                                                                                                                              SHA1:6337E84F82A83AB687D79D106025D0EE2DA71F37
                                                                                                                                                                                                              SHA-256:380BF72A60B7F606C743949F85DD4EC0AD7B705F7CA063431473E4396F0CDEA6
                                                                                                                                                                                                              SHA-512:4189D45288C02194CF976BCC5C9E2DB016CEB8A8B7468A2A574A893BD0ED352292BD1D4BCEA581101EF6B2474A5F51F0E2B1CCB753F0AD6E27FCBC1864DEFBDA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):74032
                                                                                                                                                                                                              Entropy (8bit):5.492565135442503
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:A8gN0Q5P1kdL3AbkkSxIIHHFx7GujLFQCBTYvKSkFaPwu2DLFm4F:A8gN0Q5P1uElInF8iLDECBFaPwBo4F
                                                                                                                                                                                                              MD5:D07D73E787BD71B90DDC05620600CCC2
                                                                                                                                                                                                              SHA1:CDAFFE368D35372036C4EE5AAF0ADA76FD96729B
                                                                                                                                                                                                              SHA-256:F2D2D2C61C6BF3B040148E76C7F49341B2C8D312507AB268739452B6D25C4839
                                                                                                                                                                                                              SHA-512:921077E197C0B7DB1F28310619B4E93E04817B951DAC69A1C963D608E20B80254FE2D9461E973F833C22E1E183F3320E9782CFC88BA101C28F31465C898E53F0
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):503808
                                                                                                                                                                                                              Entropy (8bit):6.4043708480235715
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
                                                                                                                                                                                                              MD5:A94DC60A90EFD7A35C36D971E3EE7470
                                                                                                                                                                                                              SHA1:F936F612BC779E4BA067F77514B68C329180A380
                                                                                                                                                                                                              SHA-256:6C483CBE349863C7DCF6F8CB7334E7D28C299E7D5AA063297EA2F62352F6BDD9
                                                                                                                                                                                                              SHA-512:FF6C41D56337CAC074582002D60CBC57263A31480C67EE8999BC02FC473B331EEFED93EE938718D297877CF48471C7512741B4AEBC0636AFC78991CDF6EDDFAB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):348160
                                                                                                                                                                                                              Entropy (8bit):6.56488891304105
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
                                                                                                                                                                                                              MD5:CA2F560921B7B8BE1CF555A5A18D54C3
                                                                                                                                                                                                              SHA1:432DBCF54B6F1142058B413A9D52668A2BDE011D
                                                                                                                                                                                                              SHA-256:C4D4339DF314A27FF75A38967B7569D9962337B8D4CD4B0DB3ABA5FF72B2BFBB
                                                                                                                                                                                                              SHA-512:23E0BDD9458A5A8E0F9BBCB7F6CE4F87FCC9E47C1EE15F964C17FF9FE8D0F82DD3A0F90263DAAF1EE87FAD4A238AA0EE92A16B3E2C67F47C84D575768EDBA43E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):764
                                                                                                                                                                                                              Entropy (8bit):7.631231884636608
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7zLrAj7Ot9ktPn3q5aYVnvkE3l+Q1DlJC4ep1EO0V/18Om93CcPHaQ+eM8nSb:6APeitP65aE8sl+QDO4ep1E//e95PFSR
                                                                                                                                                                                                              MD5:8A898701FA84C675AF171F4C7B30F86D
                                                                                                                                                                                                              SHA1:9827AABE4EE3A3BC62CFA3DA9E16FE99101D0D31
                                                                                                                                                                                                              SHA-256:7454A57C5FF219F763DFF583F954AA5A491FDC598FE8836F7F36401CFF7FAED3
                                                                                                                                                                                                              SHA-512:DF0E73A241D80916367CF81E120FDEEC4940501B4EF037958FE493E8E42A0C8C54E5ED212B5804263943EBAD23B7233F6B5FBF012FE7A5671E0F47253198BB5F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):897
                                                                                                                                                                                                              Entropy (8bit):7.70805588110842
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7zL8y0/EB7tHf+oUHK2sbAhtaBZaOLz/37ZpUyTtXfNeQJ58tSOBw01/66dd9:20/EP6HfskhtaiO37NXlZ/8tM0I67T13
                                                                                                                                                                                                              MD5:B466024FBBD35B838E14D7C87A293C29
                                                                                                                                                                                                              SHA1:BDF02C976CC7E44ED88608C231B41F2A09AEF05E
                                                                                                                                                                                                              SHA-256:33B0485B1D867D4F5C7E304F64DB783E30F3568F14E0CC8A5CFD63735D90E95A
                                                                                                                                                                                                              SHA-512:01FDBBFF65A8C766329B181815A86CD4046D44E33374CCBD18055718E24A4180D297A8FBC536557B2EA86D6640F2A3466DD8B6171ACE9DA95EE8AECE35DE10F6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):873
                                                                                                                                                                                                              Entropy (8bit):7.661531807761159
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:/2Qkk0iz8sF7nHTWxx8/kaMgeeeC37qlz:/D0u5BMze17M
                                                                                                                                                                                                              MD5:F9059782C69E3D29F8F6FA3F591C31BF
                                                                                                                                                                                                              SHA1:F65AF4DE4503C44BC1904F4E74FA9BBC3E96E0D4
                                                                                                                                                                                                              SHA-256:A702E4EF4CB3AA1B6E65F3C0EC6D8CC71ABFF40A5F29FF319267808D8B6A013F
                                                                                                                                                                                                              SHA-512:C99EB536F7CAEF1CFBF23E402347D96A21424F73B42B3EDFB92011EF46ED7CA3BE3FAA49F7D5507FAEE8A4C32C6DCBAB27EF7C1D1CD42E16498BC006A4765213
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 26 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1352
                                                                                                                                                                                                              Entropy (8bit):7.794508116498578
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:Aof7kh5+z0shi3OF1wF/EfdJJxCcrFYd6VD8QXhtr93Qx56dOuUZSEXCmGMMuvR8:9fAh8HU/EfdnU63Hp3Q/uAS8CmL3vRxW
                                                                                                                                                                                                              MD5:BA7A2AA8AB98BC9805D746A888529449
                                                                                                                                                                                                              SHA1:E42027C3734FC0BF1848F7A401F2985E5F34EB91
                                                                                                                                                                                                              SHA-256:C9278468A702F1E7BC25274320E7EE5B189B4F4F29411894A3310A7686819C1F
                                                                                                                                                                                                              SHA-512:1BC2FA5A2EBE2DE044B908FD0511E0394E96586DC0C14654D5B103DFD28B156ED3D85F7C9310925EE738F523AB9C82B054837CEFC4C4DF25BB9FE558667C2754
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1367
                                                                                                                                                                                                              Entropy (8bit):7.805671779066865
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:c4Jl6uCp1AD5wxJEoLTGrjubed7gPkUl3g3tENyHvq+9xCdIIZBAlqIYK/Q:c4JlHfwxJjLTKjuegPkUiqyHvq+9xCuC
                                                                                                                                                                                                              MD5:EA7CB2CE805F51D83E019F830C1C6855
                                                                                                                                                                                                              SHA1:F4C6D90EA98FB875DA41B5849DFE8E7662802733
                                                                                                                                                                                                              SHA-256:BFB71B4CE18CE142D88C4F24810BAD4C497A56D46126376F42A8322CBCA5642D
                                                                                                                                                                                                              SHA-512:1F7CBCAB960E7AD408FA12677663F59B1BF8CCDF6021541F4AC8596C9EAC768E3A2A147BF3390F948DD4233DE85568F171752CC679C88CFF880FC99E23670055
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 23 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1238
                                                                                                                                                                                                              Entropy (8bit):7.79950019325555
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:xA7ZvQo3QVTocgnL/3JssytwZrRlVblek+LFiiEY/rR6Ee8XD:q7ZvQgW8xr34wZr1l7+LFzX/rRgG
                                                                                                                                                                                                              MD5:19BCBFF4E3521B9A39DBE24611F7BACF
                                                                                                                                                                                                              SHA1:B25C9638AD238DD26B25948CEF66AE550FA0F027
                                                                                                                                                                                                              SHA-256:0F67571150B29838D1AEFFEF30992C334F6B8602F756ADB6316834D3EEAF5F36
                                                                                                                                                                                                              SHA-512:925B90495E3FCB02BBA4A39F4086A2B1BEE4EF94C12B2743DCD5462993BFB8F26E0DB575EF02A7AEF68776CDA0658F8908D53A3421F1803A61E308B2DBB9155F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 18 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):929
                                                                                                                                                                                                              Entropy (8bit):7.687460890231212
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:OCUTz8SYHqOqPsByTcAkfgspIoNHWtqwu7g:OCUUS+qOqfTcfg5IHWtqwu8
                                                                                                                                                                                                              MD5:189F6656DAD19FBB14BC0643AFA99929
                                                                                                                                                                                                              SHA1:4B3AB63B2B8DB139230D4411AD6F488D129B0DCF
                                                                                                                                                                                                              SHA-256:C9B1C99DFE261335DCF5C3511E37645559399920779EEB864683DCE625D64B71
                                                                                                                                                                                                              SHA-512:DB1DF920B8DA9FC4581ECD5971715B7BEF466DAA41C0E8DA668C33B05CECB3A84DCEFF333E400BD0FF2F7FCF4C3B15DDACFAC6279CC8D1C5CD4C76FA6C0F75C5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 19 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):990
                                                                                                                                                                                                              Entropy (8bit):7.729663010061948
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:PH4wl0YvPFamof2YiqLe2wJ1uJ0Y09GLgQKzogK:f4wrF0wt2SoJ0B9K3Kzo9
                                                                                                                                                                                                              MD5:EE3A4E0726081CC0F10BE3B607D34309
                                                                                                                                                                                                              SHA1:BE014BCBFD3C1A8EE845E3C9F64169486521FC45
                                                                                                                                                                                                              SHA-256:8E0FE3D5DE1260C418C5E57DDE3FA6B28BEE56D6B9062FEAAA1C0D816790E2F9
                                                                                                                                                                                                              SHA-512:9D90D6C5183CB1987C0546C15486246DD4F3BB8883112D1E4DFAC34AD3D6FD1482E29A35095D91B8CC3F68C03313A9B5FE444B5EE9F1CD80835D915ADAC6D8FB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):393016
                                                                                                                                                                                                              Entropy (8bit):6.826407049982154
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:DRU2DRRGOQ0ebQfMLkunuhoZ3Uq922DcNUzhqlxm+OCS6Cguh4s10px6fu0xQgg9:m2DRRGf0eUfMQoZZhZmxm+OGLu+s6pYm
                                                                                                                                                                                                              MD5:8A4AF3B0695F29186AD02E2FD766FA3B
                                                                                                                                                                                                              SHA1:C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C
                                                                                                                                                                                                              SHA-256:346F692DB61B1355DF431F58F0A9C4C6ED7BDF0C9AD3E2CAD42E0B3920EA44C6
                                                                                                                                                                                                              SHA-512:3C94CD08C21BCCFE66AA7C813C86F8A11672C0472DABFD12B699BB01B55741903CA73C8385F531DD2733EC70CAEE0AF3040C6B84F09F5B5E981BA12026CBB4CD
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):107312
                                                                                                                                                                                                              Entropy (8bit):5.631599875472934
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:hx7TXEwPHT38Ty21h5GJtNRnhYJ+uUJpp+WSo4X/:P7LwTy85G7NgJ+F+z
                                                                                                                                                                                                              MD5:BB77228C327A99C353ACC35A0F334086
                                                                                                                                                                                                              SHA1:6C6C6CD1004B1D052F759F50F149B4DB72AB6C58
                                                                                                                                                                                                              SHA-256:07AE888C94A0A3AF0561953EB01C63FD051114226DBD2345F399625DA52F8C48
                                                                                                                                                                                                              SHA-512:CC2C3580FD0165CA6AE727E0582E5965C2B0B4B84125674DDA1FAB537B9A4741194E40E42BE33C5FF927A9EC380C93B244F9AD818494318E6FA92E0637BED551
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1860
                                                                                                                                                                                                              Entropy (8bit):5.392371898016726
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:3SlK+vU6g49Pd09kkKKMzEAZ09kkKxrzVHNw09kkK3zY:Clt8CtdXks5ZXk8pNwXkK8
                                                                                                                                                                                                              MD5:53213FC8C2CB0D6F77CA6CBD40FFF22C
                                                                                                                                                                                                              SHA1:D8BA81ED6586825835B76E9D566077466EE41A85
                                                                                                                                                                                                              SHA-256:03D0776812368478CE60E8160EC3C6938782DB1832F5CB53B7842E5840F9DBC5
                                                                                                                                                                                                              SHA-512:E3CED32A2EABFD0028EC16E62687573D86C0112B2B1D965F1F9D0BB5557CEF5FDF5233E87FE73BE621A52AFFE4CE53BEDF958558AA899646FA390F4541CF11EB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.30729.4148" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr90.dll" hashalg="SHA1" hash="98e8006e0a4542e69f1a3555b927758bd76ca07d"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>+CXED+6HzJlSphyMNOn27ujadC0=</dsig:DigestValue></asmv2:hash></file> <file name="msvcp90.dll" hashalg="SHA1" hash="3aec3be680024a46813dee891a753bd58b3f3b12"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:d
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):225280
                                                                                                                                                                                                              Entropy (8bit):6.034450906226583
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:P5wveocziNzMLSMOYscmuW0AXLiLR4JpA86Goao1vJU87/amFYw8fF01OyAILH:hwyOMqcp3AXOLR4JpL6ft3/amiX2OyX
                                                                                                                                                                                                              MD5:67BDB40FBE6CECC320507161B58D134A
                                                                                                                                                                                                              SHA1:11EC8313BA20E96A0F776A018586CC127A451E16
                                                                                                                                                                                                              SHA-256:A15EAABBE6C32FBA34C1CACD8C0F206C28A69A8B73E619C962D812AE7FA0F844
                                                                                                                                                                                                              SHA-512:687289C5740E5316ABDAEC56BBB6C0A629FC1F374B865A61F71AE3561738B42D3C31987E53ED0DBAED0AEFD357824303B0DD7527BAA81FEE2434A4BCDEC6433D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):569664
                                                                                                                                                                                                              Entropy (8bit):6.521726174641651
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:iZ/veMyZ137mSEWT0VkypLvgLehUgiW6QR7t5183Ooc8SHkC2eU8bw:iZSZ13iwJmgLq83Ooc8SHkC2efw
                                                                                                                                                                                                              MD5:B2EEE3DEE31F50E082E9C720A6D7757D
                                                                                                                                                                                                              SHA1:3322840FEF43C92FB55DC31E682D19970DAF159D
                                                                                                                                                                                                              SHA-256:4608BEEDD8CF9C3FC5AB03716B4AB6F01C7B7D65A7C072AF04F514FFB0E02D01
                                                                                                                                                                                                              SHA-512:8B1854E80045001E7AB3A978FB4AA1DE19A3C9FC206013D7BC43AEC919F45E46BB7555F667D9F7D7833AB8BAA55C9098AF8872006FF277FC364A5E6F99EE25D3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):653120
                                                                                                                                                                                                              Entropy (8bit):6.883968356674239
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:shr4UC+UumMaIYE8EoPP1cI9xPP2OKDL9QXyG2pUmRyyvRt:cU9FNPPbxPP2OeL9Q2pUmRyyvRt
                                                                                                                                                                                                              MD5:7538050656FE5D63CB4B80349DD1CFE3
                                                                                                                                                                                                              SHA1:F825C40FEE87CC9952A61C8C34E9F6EEE8DA742D
                                                                                                                                                                                                              SHA-256:E16BC9B66642151DE612EE045C2810CA6146975015BD9679A354567F56DA2099
                                                                                                                                                                                                              SHA-512:843E22630254D222DFD12166C701F6CD1DCA4A8DC216C7A8C9C0AB1AFC90189CFA8B6499BBC46408008A1D985394EB8A660B1FA1991059A65C09E8D6481A3AF8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):882
                                                                                                                                                                                                              Entropy (8bit):5.243214210906668
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMHdoIzORX/qTGL2i/8FoefZv6jurhySwcdNJDakw2l1fXqE3BqEMfhqjIMcGIMm:2dVzQX/tVOxZv66N7aoJqJ9GlHSd
                                                                                                                                                                                                              MD5:D9D2B6C50E8C263085E339C56A9AEFDA
                                                                                                                                                                                                              SHA1:B2124E53E11519DC3CEBF148B408518A00B8F099
                                                                                                                                                                                                              SHA-256:CB0368C4FAFCD1DC79B5EE240420523345CA52EFB5578B5D50DD1A0CCDEF1F3F
                                                                                                                                                                                                              SHA-512:A7F81A4FFE9ABF55C6435F1910A1FADBF84048744A9E424DD1EC652DE3CE00842812CAB038DD870911BD44B4C040B6D8FB129AB49978C8F19682E43845C9C2F2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.. @version: -->.. ..Levels number index:..DEBUG = 1,..CONFIG =2,..INFO = 3,..WARNING = 4,..SEVERE = 5,..CRITICAL = 6,....ALL = 0,..OFF = 7....MinReportLevel - the min. level of reporting; ..MaxNumberOfLines - the max number of log lines to show on the window..-->..<Main>.. <ToolbarLogger>.. <WindowHandler MinReportLevel="0" MaxNumberOfLines="1000" WindowHeight="600" WindowWidth="400"/>.. <FileHandler MinReportLevel="4" MaxFileSize="20000000" MaxNumberOfFiles="1" FileName="$data_dir/logs/toolbar.log" AppendToFile="true" Unicode="false" FormatXXX="Compare" />.. <MemoryHandler MinReportLevel="0" BufferSize="1000" TargetHandler="FileHandler"/>.. <DebugHandler MinReportLevel="0"/>.. <Logger MinReportLevel="4" TargetHandler="FileHandler"/>.. </ToolbarLogger>..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):202
                                                                                                                                                                                                              Entropy (8bit):4.990571735951617
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCIIUROELA/dFSzLrR4j3UbICmW/IE/5QgIQ4VGEDhINPy:TMVBdoIUojlF6XqDUb+054VGqSN6
                                                                                                                                                                                                              MD5:D9E8318011E4E94DFA6FD8A4511BEBD0
                                                                                                                                                                                                              SHA1:E4C475423800F14CE32CBD8184F86ECFB9265C4D
                                                                                                                                                                                                              SHA-256:01410434F72008E7DFF5E6E44559D83681168F4CE074D6FEC1AA26142C4901A8
                                                                                                                                                                                                              SHA-512:6A5FD8D12029D577D28E780FEF1400949383F5C9776A77BDD0C34D8BB64DA8BAED8C0F9064D2E26DB77BD7B3610C93A1D5C586E290591298AA39D8732C9EAF98
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->....<Main>...<ConfigFiles.. LoggerConfigFilePath="$install_dir\conf\logger.xml" />..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):130864
                                                                                                                                                                                                              Entropy (8bit):6.005575486286837
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:njcHZ0OGJtQM0SGWbh+Vte7yVduhU+9XzLFOt2dA4Erl:njGZcjx0SGWbhEeaduL1zLFOt2dAx
                                                                                                                                                                                                              MD5:6A26BF6EF74C909418830CCF21B07030
                                                                                                                                                                                                              SHA1:67F5FF90CEF520B9F2C20F4B8605D9B44F50AC20
                                                                                                                                                                                                              SHA-256:953EA239FA2BBBC12E74E2BCF09F406A1664FB6AED29528172E79CF04285EDEC
                                                                                                                                                                                                              SHA-512:7B1DDB4DBD66C349570D42DF508D3106E68568229D2F852727D2DC2A9E96A9BB38C43E949DF5B5329F3454FC89856918C57DCFE84A922D6A87EB18FB7054B447
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):128816
                                                                                                                                                                                                              Entropy (8bit):5.770141765252759
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:Ka6s7R8pwTBkFLQI9R9CBZ35D/1hItb6o5p/tNRnhYJ+uUJpplzo4G/:KIKpwTiFLLGZulv5pVNgJ+FlG
                                                                                                                                                                                                              MD5:D75FAE09ECE929C91DE64F326661EFA6
                                                                                                                                                                                                              SHA1:9DEF40DDA676B2AF2E7A5C075E6FB00F791FC63C
                                                                                                                                                                                                              SHA-256:94DDE703E51872DE3B57D7FF7AE4C44C41BB37EAFB5C2AA7CC626BE7CEF2BFD6
                                                                                                                                                                                                              SHA-512:EAFD1338DFD45173D36FBF4B52E2A9A5E4D119B8A4E97235A7DF71C523C2A934BA884CD30247FE06DE70292729B4499C1D1BE7A1FA51440EE8078F076EAAD1FE
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1299248
                                                                                                                                                                                                              Entropy (8bit):6.109883545755318
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:cFCnTyH1ZFume2Fv4LxB/R/e0J2JUbVf9fFPA1:pTo1ZFi2FALxX20J2JcNA1
                                                                                                                                                                                                              MD5:0CB54F3AF8B0596F2010BBB1DB889530
                                                                                                                                                                                                              SHA1:B6F7F82B2743148AEEC55C8FF2D636CA8269AE04
                                                                                                                                                                                                              SHA-256:14B2734265B205E9DA3E4D8E46F2D4677007CB8C8627C6E5937CEC95C631FDA4
                                                                                                                                                                                                              SHA-512:E72E538CB70760C4E4689D9D7114D62873B129355E96F2FD783B7D6EFD5B6C7B5CF71E4C02A63E4DF2A40DF9328915FAD15903BF6C5910DE7FAD384AE8C7AB8A
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):115504
                                                                                                                                                                                                              Entropy (8bit):6.523186815271148
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:DXyjUuiHSwX7M2ZNmt86TyQUvXdj5sveW2qd92ZmN4x5a88cN6D0mo41:4ipLNmDyfZBW2qd92Za4x5agQDL
                                                                                                                                                                                                              MD5:5042FCC1013AB8158D934AAAD1C20197
                                                                                                                                                                                                              SHA1:0B1FEF9F8C1B60BFC7083A5B956710AF30A921C0
                                                                                                                                                                                                              SHA-256:3DBDA9698E04CF1B009B4B057715AC8658E126C8AEC1702A547CDC376B77C614
                                                                                                                                                                                                              SHA-512:2FFE2D1967F7B9AA6496329DA539D74AC02BA5F0DD78AC3FDEF1657D4A7EAD143096734AD6D1C2193EF4A1472F09975E92908A7AF0609233507D0D0357CC6ED6
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):279856
                                                                                                                                                                                                              Entropy (8bit):6.517008530261805
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:dGfLNeuutXeC/ww4UBBEwA0Y8KWKQrOwjkRcD7ZcMY7EHuyfS4QOt8IIHZHL34J7:2qtF94UBO8T7qbu/S4QOt8WYm
                                                                                                                                                                                                              MD5:F419380C797685B26BF309B7D8560585
                                                                                                                                                                                                              SHA1:D23B979D5015A3C48121BC0D001C5959F28FAD47
                                                                                                                                                                                                              SHA-256:831C428E705E82829F596C2149B7E02E335E9407B4B7D1A7560BC6B0144F9747
                                                                                                                                                                                                              SHA-512:FBC383CB381D96889531CF469DCED4D6E3CF615D8467F977953D9E9B325D89FDABE42BA6BE6D07566D98FBB4ACC09D7DFAE9C699C98EE3532FB1A007AADFCF75
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):55600
                                                                                                                                                                                                              Entropy (8bit):6.530763806702505
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cahdQ0oi9d14BUHiYtVq0z8OoEwx6G3aMOxEuqsnvOGNUIXGNAnNbEVPmF5DKkK3:F9nJHj77HRTE0F4kK7LKOyRJoQ/02o4y
                                                                                                                                                                                                              MD5:6361FDE630AAEEF88C17F4F262573C73
                                                                                                                                                                                                              SHA1:67F218081158151503E298268D2F258F3B11C671
                                                                                                                                                                                                              SHA-256:5B9344D7452B8D72CFAA28DF310A08FFAFEACF897D9A3D44E9E5E24228F8F233
                                                                                                                                                                                                              SHA-512:188459CD024B7F7E6BF45CD5A75336DAB1EEDF89DD7307EDCB7E2A65F00AD081B4A89DD74CC54951AA684EF252060481727EEC62BFC41F3722C0C5DBC734B9DE
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):153392
                                                                                                                                                                                                              Entropy (8bit):6.614181708729449
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:PAHoxIbTHyKoNbrbu+IRdG4wUz7kLyZlmPx4uYpcOmjZttBzt:ChTSKkbrwRHkLMuYpcOmjZP
                                                                                                                                                                                                              MD5:556D7E28E575983D03B78AC2FD5FFDB6
                                                                                                                                                                                                              SHA1:41FAB98B142F801FE3C70FEF8021EE492AA32CC8
                                                                                                                                                                                                              SHA-256:D9DDA1B3E256232DAECCDF60C4617B3EF04C0DB389EFF9A471E1214E15CAA92C
                                                                                                                                                                                                              SHA-512:2E96ACECCB7B0A337EE1C08D5BD2647CCABFBAD9F632E24FA1117BE4CB573BD84EBE3B472D72D5B439A965EBCB1A1A24D7E6C9AD951B03448C5EE92314D5B877
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):40240
                                                                                                                                                                                                              Entropy (8bit):6.256023899515359
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:yP1Ar0bHg86igSN7aPN9e+AZZpJyL6lcyJuEUjDqb70rLFm4n:ydAr0bA8ZgSN7aPN9e+UyL6lcyJlUjDn
                                                                                                                                                                                                              MD5:FB1B0C6484BACACA79C1CC57C8B6A8BD
                                                                                                                                                                                                              SHA1:80CF65020779EA0D883A84974231E3AD9BB05A37
                                                                                                                                                                                                              SHA-256:16879B8B29F3E4142D71D0DF99BBB9F3BCF68E0A3881780AC7D949CF7FFE6C52
                                                                                                                                                                                                              SHA-512:A35E79765116B5855098E3A8BC7147F2FC132B8167BEAC52E3EF997AFF4C4343F80C6B8271BA86814EE915701B7FF2FEB66E1295BE4229A66E3E07228F02F407
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):48944
                                                                                                                                                                                                              Entropy (8bit):6.435109554262982
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:EhI5gxOAxL7zUGTKSLTbfp/VzwN+UaJOtn8WUYpDWhFWYf5QnDLFm44g:EQgxOAxH4GTKW/GNAJOtUhUQ5Wo44g
                                                                                                                                                                                                              MD5:D0683261FB568C7DADB4B3D5AE8E4C1E
                                                                                                                                                                                                              SHA1:DF1E6FF511529CC9E481067D166193FE8E060ACF
                                                                                                                                                                                                              SHA-256:9F34167385063EB90838F5FB9407135456133331D582E5C106D200B96605A2CE
                                                                                                                                                                                                              SHA-512:015D17B885B7DC282E3ADC3D65F3C8BA97BB324F7D505755F98ED42B3598B0CB4DCDAD4EC1A6DF55630901D46E6A44F468B67E12D54FD120ACBB0ABE5FD05242
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 22%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):61232
                                                                                                                                                                                                              Entropy (8bit):6.506542407066868
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:V0gR6lTXvMzo5aRp7SCUuBHDVkMQk7O1sCPUyTo4M:egpzoOeCU8HRkbk7O1sCPUy8
                                                                                                                                                                                                              MD5:EAA88240F201E655772462156931A703
                                                                                                                                                                                                              SHA1:1FA090B96CC391C0E695FD0BCC11CA2DCF078837
                                                                                                                                                                                                              SHA-256:0283D8512AEA672894BA4BBAFF5804C3A531D6A1A91A0CC8F1AE7B267FE46FCC
                                                                                                                                                                                                              SHA-512:2B0AB65BE3E8C5DFAAC184350155970EADA045CB9D396BF91268C285CF607C50B424DC8CD631D67C3CB16AB913A4FC202534D55F4AFEDE0C58B3A337EC788F4D
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1068
                                                                                                                                                                                                              Entropy (8bit):4.6785592084972905
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:RIi/5UBWDGXyS/+mBbjbBxj0h/uXNbv5Q9Zivf0R4JA7J9JQYM/:ei/mWDEO4vLoh/u9r5Q9ZivHO7J9JQP/
                                                                                                                                                                                                              MD5:37A92AC9643DF8287D000FDA83437FF5
                                                                                                                                                                                                              SHA1:7418CB17712B6315F14E27001B3EAA5B98556976
                                                                                                                                                                                                              SHA-256:B925DF28B1021889ECD078A86558F54031C8DE79485D9A4C7CE2AE992C3254A8
                                                                                                                                                                                                              SHA-512:8E735053C65554A7122AAE23C28D27E3E11E154A77F2EE391C8817CAA1FA1473AE81AD9582C63DA137D7EBEDA2108673D92809D3334D4A67921CAA8B9BB8B0EA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<script type="text/javascript">..function trim(str)..{.. return str.replace(/^\s\s*/, '').replace(/\s\s*$/, '');..}....function logObject(obj)..{.. for (var key in obj).. {.. var str;.. var value = obj[key];.. alert("key = " + key + ", value = " + value);.. }..}..try..{.. if (external.menuArguments != null).. {.. var args = external.menuArguments;.. // logObject(args);.. ... .var doc = args.document;.. .var window = args.window;.. .var selectedText = "";.. .if (doc.selection).. {.. selectedText = doc.selection.createRange().text;.. selectedText = trim(selectedText);.. selectedText = escape(selectedText);.. }.. .. // navigate.. // we don't have cargo in this, as agreed by PM (i-l).. var url = "http://search.sweetim.com/search.asp?src=4&q=";.. window.location.href = url + selectedText;.. }..}..catch (exception)..{.. // alert("
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4706
                                                                                                                                                                                                              Entropy (8bit):7.939609866150524
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTLTT3Aau8Z3pqoMN4t4qDhV6c:nSDS0tKg9E05TLTTHu8E4t4qDrl
                                                                                                                                                                                                              MD5:72C9881C090F7C954451691AEC0266D2
                                                                                                                                                                                                              SHA1:E0572385B740CAD95B8471A77CF1384A8A4EC687
                                                                                                                                                                                                              SHA-256:510F120EFE2F234C3662020143BC9F606EABCFCB80C901D53EA8BCA753A27E92
                                                                                                                                                                                                              SHA-512:C6A1B65EAEF3C1A3A49A53024F7E4AD898286A2AF8D779E6088B54E95C06616570D39CBCE202E48C59A05224AE41BF8AC66778B4248ED319E6F36A0FEF9FA2E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4513
                                                                                                                                                                                                              Entropy (8bit):7.923205264207793
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTJlJ0NDxK+muSJyXnmlqsOc:nSDS0tKg9E05TbaDxLmuuyXmYsOc
                                                                                                                                                                                                              MD5:A75E7B7FB7225134A01B01C6985086C3
                                                                                                                                                                                                              SHA1:C18649F3DC4CFD551CD861FFAFAB51B98B8CBCE8
                                                                                                                                                                                                              SHA-256:000D8E36A1D432D6F6C182D41DEADB3F3B051CC5C5B32AFCAC6B3A80C4D802EA
                                                                                                                                                                                                              SHA-512:590812B335FB7AC128AEB4012960377AB2E2FC1D03A1418287DDFE074874B9C12D0D76F021126EC7FB06668281C2E91ADB678DB4B3B49E612D3BE74E954DA52F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2910
                                                                                                                                                                                                              Entropy (8bit):5.102327707427828
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:ImMD4IC093zEtrut6DrnfLigw3yP/RG8JNnbRxzFatQthQtEiQh1V:SDhC+OnikRbRytQtaKiQh1V
                                                                                                                                                                                                              MD5:3EB2AA9C3DA3FD5A6307C05A62DA653C
                                                                                                                                                                                                              SHA1:22BD4928A2615A90F413E553E10747FF1E1E9E74
                                                                                                                                                                                                              SHA-256:0AE9858C98047CE3AC4D3FF7DE7466903A90AE7DCFB1F6875C0038937D037D37
                                                                                                                                                                                                              SHA-512:8B10EE9FE50F6E18561D7FD91A20F5D6517FBC10710F74769EFCE4337D129DE8E6235BAFB41882AB909FCE5A95A32540AAE3DBA97533B53DA61B272E93C82F9C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.. next line ("saved from url...") is called "Mark of the Web" (MOTW) and is used to prevent .. showing warning messages (see bug 1081). More info: http://msdn.microsoft.com/en-us/library/ms537628.aspx -->.. saved from url=(0014)about:internet -->..<html style="overflow-y:hidden">..<head>..<script language="JavaScript">..var g_objToolBar = null;..function DocumentComplete(toolBar){.. if(toolBar){ .. g_objToolBar = toolBar;.. var temp;.. .. // step 1.. temp = g_objToolBar.TBO_GetMessageById("id_msg_general_caption");.. document.getElementById("id_description").innerText = temp;.. .. // step 2.. temp = "Version: " + g_objToolBar.TBO_FileVersion();.. var log = g_objToolBar.TBO_LoggingEnabled();.. if (log).. {.. temp += " (with logs)";..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6
                                                                                                                                                                                                              Entropy (8bit):1.7924812503605778
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:MVs:Mq
                                                                                                                                                                                                              MD5:D48B2F639B5214B5D02E145D223F3C97
                                                                                                                                                                                                              SHA1:9A82B09288C5552B09AD22978AB8F6EC0D077B5E
                                                                                                                                                                                                              SHA-256:3B7B041D37D1D693C3AFE25D2AF7D56AD2EE7B98EDDB2CC1A055C1117E55542E
                                                                                                                                                                                                              SHA-512:FD213B33E1A3BC1CF1FA6B3F04BD73A9D168B0857A2971B352B91E0514ED934850B67ED9D6EB837147379B48855CBC63825AB8E9C25D69F8205FE296D18DD78F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:1000..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):974
                                                                                                                                                                                                              Entropy (8bit):5.256022101425163
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:sXTeysgIUnDKysgIadWhJty8jBq8zxj8+bKj3zk120SW6lR5CU5:sXTeEIUeEIwopjzKM120SWAjx
                                                                                                                                                                                                              MD5:4CD2844E6F473DF5AD9B71330813A4AE
                                                                                                                                                                                                              SHA1:BECD78947DDD4ACC10F8C0C136022F2DD9BC5FED
                                                                                                                                                                                                              SHA-256:EC57E90FB704E828728F97B15ACFE46D91FBCB74283CB4F0BC78666EB17622DB
                                                                                                                                                                                                              SHA-512:656FF1C722F9FC9EBE511BA02F6A95C11AD5D2585E338DC0E1302383AA3576D3FEA5D59DFF579AFDC373C97ECD35EE53C1DE3A92F0D35D354273E17AAC1A750D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview: 'name' attribute in TOOLBAR must be in basis.xml, because used by register/unregister -->..<TOOLBAR name="SweetIM Toolbar for Internet Explorer">.. the 'settings' and these 'url's must be in basis.xml, because used by register/unregister -->.. <SETTINGS scope="0">.. <URL id="firstURL" default="http://www.sweetim.com/installbar.asp?barid=$toolbar_id;"/>.. <URL id="updateUrl" default="http://www.sweetim.com/simiebar/download/toolbar.cab"/>.. <URL id="urlAfterUpdate" default="http://www.sweetim.com/updatebar.asp"/>.. <URL id="urlAfterUninstall" default="http://www.sweetim.com/uninstallbar.asp?barid=$toolbar_id;"/>.. </SETTINGS>.. expire=1440 minutes (24 hours) -->.. <INCLUDE_XML filename="http://www.sweetim.com/simiebar/toolbar42$remote_xml_suffix;.xml?toolbar_version=$ITEM_VERSION;&amp;barid=$toolbar_id;" expire="1440" layout="0" no_cache="0" local="toolbar.xml" id="tbs_include_xml_020834"/>..</TOOLBAR>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1015
                                                                                                                                                                                                              Entropy (8bit):2.5591351559521294
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPf+ItYGmh1ISlgnFm4A3pO7M+39novgHzgzSHrC2p:6v/7ueG1fliFmDT++IHTR
                                                                                                                                                                                                              MD5:8222B8B77447C3C3B09718661CF1DE45
                                                                                                                                                                                                              SHA1:035BD2996016F77DAB0A5483E8675F74E03A7EFF
                                                                                                                                                                                                              SHA-256:C2205B371DC6133F97DC1A32E63E09A0A52673F0AFFE14A96ED17C2219C67886
                                                                                                                                                                                                              SHA-512:5566CEE0467C30722DAD83BD4A92A258C3EDA68189B00F9897185688351DE90E4070C0273DC50566A7CF15019962EBB6C2A421C933FDB2C95B39F4398BD57B35
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):337
                                                                                                                                                                                                              Entropy (8bit):6.970701773355069
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPE7fjnDsp1sY7H3jAKSDSij7V71hVr61vKhsFRcSgSFf6jEMTeup:6v/7Kf8J7UKSDSiR1DrUyhGRTXMKc
                                                                                                                                                                                                              MD5:A448EA6E4A5C93B519DB905DF8335E0F
                                                                                                                                                                                                              SHA1:45F764BAEEF94F447DD0FDE5F6865915583C58BD
                                                                                                                                                                                                              SHA-256:2FAF68C63A126B78C5DA668E15CE8AAB37FF13116C4ECE92BC804BDA3516AFD9
                                                                                                                                                                                                              SHA-512:7EB3E2464648632C3B0F202C80A296C1949574EFC2ED3DF8A6A581B80FB3DA7A30AEBAF436E31046A19812A22D044639B32762D68866FBDC71CD50BF99D8135E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):546
                                                                                                                                                                                                              Entropy (8bit):7.181439595953868
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Ys/UJI7RGJ8CkcYcM2MTLxcEtvjhhWmb:vxJtcTLGMF
                                                                                                                                                                                                              MD5:5E751DA58811E96F7B4948102BF7FCF0
                                                                                                                                                                                                              SHA1:28B94AED3B2BD5574A08A7A1B58279FED590CA21
                                                                                                                                                                                                              SHA-256:9B27EDD9BB20190986B53E9E1F69B2210EB804EC1C00F2477E0CA54351961BEC
                                                                                                                                                                                                              SHA-512:C2CFF798484173B31BF47570425976D734183B123CFB9DD024B6138F16C1F6AE8E9203F7DEE890BC94A7AEC33210632A80B4113AB2E0DAA3CC58C6EBDCD8D0B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):869
                                                                                                                                                                                                              Entropy (8bit):7.682052140424539
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Y98kuDYROKmYScK0PcgApTJFgw5v8EzhTGMyag3hDZgWAo1OuASqi04MsnqO:vE0dSP0PcgApTJFg9EF+VeRoMsnq8zz
                                                                                                                                                                                                              MD5:9928A485489003BB67AB634119139128
                                                                                                                                                                                                              SHA1:BBDA96B1E426081EB2C5C94F490D22C3BF48D49A
                                                                                                                                                                                                              SHA-256:F34E980F778BF73DDC552544223DF8731B7C689F910E144C8210838976C02496
                                                                                                                                                                                                              SHA-512:D124CE92013EFCA6FF78551BBC36D2BA7F29C943859888FAE6D0CE8BFF0F096BB50E07AD01D24C51D3EF8AB0B8C66C1B5387CBE21D192104FC7FA5AE817C2699
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):819
                                                                                                                                                                                                              Entropy (8bit):7.6934816895279985
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vO6A1675+FmziAn73M1LQxLqBVj7k1yHj+4e:G6A875+EziAnrM1kLS+Wjw
                                                                                                                                                                                                              MD5:2A2390C7AA513435A05C840C56C6991C
                                                                                                                                                                                                              SHA1:84F34275B4F045A1547B49D1C18C6C8A1F44A4EF
                                                                                                                                                                                                              SHA-256:BFAFF84D2047D887954C6CB866EAD6AC775ECA5294FF81B0D2C46FD88736AAB8
                                                                                                                                                                                                              SHA-512:93CAFA78DDDC5FA02FDCC3329A7AB9A561086D6D0CAF55D2CDBA6EA809FF8095CBF37ECFA7410F3DAD20131D5829E0AD1D4407FABAC628392D64D7A0D138A39C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1993
                                                                                                                                                                                                              Entropy (8bit):7.425064439205079
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HitNn2VQJ31Fqax1dfz0MpIRIUo0opMct9:I2qFJ19gMrUK9
                                                                                                                                                                                                              MD5:421501848E7575CF94532FE52E8957E8
                                                                                                                                                                                                              SHA1:61BB83C50BF471DA60E8F00F3FAA2AD06F619184
                                                                                                                                                                                                              SHA-256:7EFD78E468AED9CC3192A4B8BEBDB69E4F8B77FF26A154E434B9C2E188A4C6BB
                                                                                                                                                                                                              SHA-512:6D96CB9BBB79CCCD959E522442DA15BDFA7B3672FFE1B6A3D1CAED332639B5B0990EACB410005F777685C7698C0A7860CBF13D9B3E01EC1D4F10002D0868472D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):340
                                                                                                                                                                                                              Entropy (8bit):6.953213046047767
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPE7fjnDspTAkNUvHZQQ3M1dWBBYI+a2MIDFxZBGhEYPf7YfQ35sEghZOp:6v/7Kf89A1PZppu3anYcPf7YssZI
                                                                                                                                                                                                              MD5:8321DDE1623150EE3F8A842129DFE230
                                                                                                                                                                                                              SHA1:55798EDBA21E045923E9874845C9931A2C56E022
                                                                                                                                                                                                              SHA-256:44F55FF8BA6A17CCFC72ED3212E9E8AA8E858D72D61363EB02322BCCBEFE07E9
                                                                                                                                                                                                              SHA-512:36436047D2D761AC33E41C238473DE67DA10427A7E0AC8D1E1B0255001A98D9D567276CF4D65F26EFEF512FD76A58C2DAE96513A86214706497E5A58C0DAEF21
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):315
                                                                                                                                                                                                              Entropy (8bit):6.993277687660621
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhP8L5nDsp322BJgxezfPrIpTDzICjBGMrbZv6YXe0X+X+DQO8bp:6v/7btzgxezfPQv/jUayYOzX+sOO
                                                                                                                                                                                                              MD5:5A102F9FE237D8E23A3F508330A5FCD0
                                                                                                                                                                                                              SHA1:BB4A1B425F11BF70D6FCA61C862C0761AE6C8FD6
                                                                                                                                                                                                              SHA-256:BC6686EF9E34FE99FE92BC13EA7270D42C74E9D38483D9F148475855E3E76633
                                                                                                                                                                                                              SHA-512:C027AB73D33E482C804C8F3FC728156C06BE531E0BDF6DC4DDAB96A4838C1A8031E63238F48EF2E92A88ED2FAD27932507E6F3F6FE8385EBD4EE274E5AF818DA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):886
                                                                                                                                                                                                              Entropy (8bit):7.714127843723636
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vl4cFLxScCciU3Czu4lGH5dAEU62QFeTKb0hQ79ezH/5G:b8et3CHGH5dH+QIObceUHY
                                                                                                                                                                                                              MD5:5CA13955A8511CE93E012E2DDB0ED8C4
                                                                                                                                                                                                              SHA1:FE043B89F999CD47B475E5EA30DF7C44F63CBAA4
                                                                                                                                                                                                              SHA-256:EBE29C03464706B35DB69A1934C3D69DAB0804E80E97577C83588A3339EA1977
                                                                                                                                                                                                              SHA-512:6DDF992FC7B999CE8044122B19C2C758ADB0B5E25E13FCD35A0FD20503608A0A804495DB6A9D0619AEFE6A7371CA3AA47DD6562B7BE2C6F51BEBA30E4E6F8340
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1021
                                                                                                                                                                                                              Entropy (8bit):7.742761940787856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vDnipSGoZaQwAM+7nrnbha4M1iDhBgRpjcHbn59DQAJ+5nB4V:G4GMairnbhD2tm99DO4V
                                                                                                                                                                                                              MD5:3FE859A7B4D95C2D04D7131DF51C4D57
                                                                                                                                                                                                              SHA1:84FA98BEC6D06FD6EDAFA5CBEC7B3064C2675401
                                                                                                                                                                                                              SHA-256:E32E3E903F877185662D4CBF2E82C167B5D64A3402496F326E44105B96119BEB
                                                                                                                                                                                                              SHA-512:F6B92B24D46C125B225AEE5792CBE92140D79AD7F2A6CE34F04A47E14C9C668569BE665689E337EAA55B3F31E36DEBEC3ADEF4040BC35BBD063A3EBCFF357460
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1663
                                                                                                                                                                                                              Entropy (8bit):7.223414888446875
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vh1hpunQWwjx82lY2T32HEVyELyJ3VZdbGcPYFmmyA0xlQVWSrG9jdXyhQRcc0Z:HitNn2VkJ3t1PCmmyAaqVWSrG99Tcc0Z
                                                                                                                                                                                                              MD5:4580C963970070BA36D4B24268039E85
                                                                                                                                                                                                              SHA1:207D566992D8D875729ED2812104509C989AC624
                                                                                                                                                                                                              SHA-256:BF73573EB7D41ECA8F8B085236021A8C3BBA4DD885C31A21A67CBDBB072410B0
                                                                                                                                                                                                              SHA-512:6428E0B5375D99AE91FEFEDD546D47657F0CEE67A3A7EA58467D347E077D24C03A519E3464FA59270FF4DAA81289D1836F03C434DA004BE10D4E531F47078CD5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):525
                                                                                                                                                                                                              Entropy (8bit):7.206210531551433
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Ys/UJIMN6YozKJd6ZVn23Hdn3Cl/qXYKveKN8:vxJV6Yo+Jd6Hn23HJChav5N8
                                                                                                                                                                                                              MD5:FD785C92E542F93F0C70F3BC90663128
                                                                                                                                                                                                              SHA1:A0EDE89F1C3AD5BBED6D8F94CADD70F6844F09D8
                                                                                                                                                                                                              SHA-256:E29BB4ED2D95FFE034FD8AE4BF37A4A0B25A4D3409748056759DED5DDA6B02F2
                                                                                                                                                                                                              SHA-512:3175F7DFE7734DF8D5A0846B6ADCEA8FB7CCDC812C3A90DEDFAD86F67499EA39A05F39411B5634683DE6018F294CB99A032FCE306EA9410BC3F00492691AB8B8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):743
                                                                                                                                                                                                              Entropy (8bit):7.5996926414981605
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72rc7MPToHoGqKu6zTtfgCMIaTRxmpdTyy5aj2+GcUMZ4et7:3cZHoTYRGIals77aj2+GWD9
                                                                                                                                                                                                              MD5:DF01C158B06C58D724EC5E65F749A34C
                                                                                                                                                                                                              SHA1:9C119B8B3A322E8CCF32C72B61F75A87D5D2EEF6
                                                                                                                                                                                                              SHA-256:89E8C7E1DB5BB1AE4F1FF78B4BBB1713F5146F61F4E8AAC48EE2A01B3A342A3A
                                                                                                                                                                                                              SHA-512:EECEF4DDF0204632E9FE5D15E812DA3556B02E88076A3C7E62181973D45456D392621E8CD9074FDAF744590B520BEB9DC3FE8CF0FFBC634E843E28A3436882E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:GIF image data, version 89a, 47 x 18
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1465
                                                                                                                                                                                                              Entropy (8bit):7.691763199930813
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:zs5TKQjA2Zd2G354mga6kOKxiL/UES56t2lDgnZQ/BMtkIy8cpZa9:zQTKLS7aaYVEI2aZQd8GC
                                                                                                                                                                                                              MD5:FA0FFBE225B678531FF437711766055A
                                                                                                                                                                                                              SHA1:252C508CC7EF192668644C2E6F1CDEA2514B4ADF
                                                                                                                                                                                                              SHA-256:AD3C9FE80BC280BD0876288F87D0EAD395353080ABB0B51DEAE5015CC4A60783
                                                                                                                                                                                                              SHA-512:44F18795BCE4BFA963A748C2B851E3093D13C7C7D3B9E3AABFFD192D7A9A5FD21FE9A9BC8DC691ECF442295C482728FF5D24C49C9F1B3C497658BD6E3FBBF6A8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:GIF image data, version 89a, 47 x 18
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5815
                                                                                                                                                                                                              Entropy (8bit):7.566394685818254
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:acMz3t1a9ch+B2+EN1QO7eTbPGtPpbsmenY/hV3VU5ooJP5Q6SSsHK5M8Z:Rs1a9a+0/QwQG55shnsp65ooJP68M8Z
                                                                                                                                                                                                              MD5:529A553C5A89BB4ACCD6CC6E7C546AC0
                                                                                                                                                                                                              SHA1:EEF677B053E9325C915ED6C260C2A5C2377C383B
                                                                                                                                                                                                              SHA-256:12238DC1A6F9E13339D51144C2B6C77F56709AFD7289C68A66B62D7A81AC5278
                                                                                                                                                                                                              SHA-512:8909C603DD1A32A1770FBA861B8A497255AEB1CF90BD4E12EBFD2EE301BF3492CF4EA82ABBC370F0FDEA1C3F407D763FD7A6ACE89DAFB95E05F3C96AB78089C0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13036
                                                                                                                                                                                                              Entropy (8bit):4.648844852310925
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:kY/eWIc67favVz04sEmf0Em9ZyhcoCeprTdGGCgSTzZtF:LTIc67Sv904sEmf0EmgcoCeVSTzZtF
                                                                                                                                                                                                              MD5:4D61BE5C71C857C66263F445FC4C3CB3
                                                                                                                                                                                                              SHA1:03459E5D14A12476EC829FD58E0566F81B9EF122
                                                                                                                                                                                                              SHA-256:FA440D07C2258AD92927B6A1CDCC636922E725C7287288B304D6B3A33547109F
                                                                                                                                                                                                              SHA-512:98E0B410E686894A522DA27EC81D2932AB604F6D405E881C7F13E0C203320C6898DEA95A435CD05919FED48E9A3A4C5D050BCC9F0C89DDE1A92C5B5207D3D27D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:var g_strToolBar_Domain = null;..var g_objTargetFrameDoc = null;..var g_objTargetElement = null;..var g_bAnimated = false;..var g_strTooltip = null;..var g_strTooltipAnimated = null;..var g_strImage = null;..var g_strHotImage = null;..var g_strImageAnimated = null;..var g_strHotImageAnimated = null;....// keep name of "g_domains" as is, because it is used by QA to identify the list...// "live" use both "mail.live.com" and "live.com" (bug 1124)..var g_domains = new Array("mail.live.com", "live.com", "mail.yahoo.com", "mail.google.com", "webmail.aol.com");..//var g_domains = new Array("www.example.com");......// for debug only:..function alert(s)..{.. //if (true).. if (false).. {.. MainWindow.document.parentWindow.alert("alert:\n" + s);.. }..}....// alert with param of exception object..function alertx(s,e)..{.. var msg = "";.. for(prop in e).. {.. msg = msg + "\n" + prop+ "=" + e[prop];.. }.. alert("exception:\n" + s + "\n" + msg);..}....// sets
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3287
                                                                                                                                                                                                              Entropy (8bit):7.889386976712269
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTMOtScEAE1:bSDS0tKg9E05TltSWE1
                                                                                                                                                                                                              MD5:8D8E1593BA967DE591AFDDD863902AD3
                                                                                                                                                                                                              SHA1:ABCD264C43BDDFE62D793FB566F9E457FC50A543
                                                                                                                                                                                                              SHA-256:874E098C1CE4184079E1BA21FB4498EBD3019C3CC861B26F21586592D21B5C47
                                                                                                                                                                                                              SHA-512:A69E5D8507D3B1F063B0C6D991A28A46F70252C44942E16150106CBF6E537803F0416B6299E76FE29636862DD0D4D356FA87DD1032A515161ED3B7C4E0475649
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3287
                                                                                                                                                                                                              Entropy (8bit):7.891546537282907
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODRqVwJkvMG:bSDZ/I09Da01l+gmkyTt6Hk8nTUwCvMG
                                                                                                                                                                                                              MD5:A143CA61BD925BF5831EE74BDDDF1DA4
                                                                                                                                                                                                              SHA1:D0E822D6BACEA7F506481037176E04457D719DC5
                                                                                                                                                                                                              SHA-256:54B97C1D6C6F4D704D16C953FE100D4453FC5592FD9EF5AFB33260890FDB0618
                                                                                                                                                                                                              SHA-512:104544409128871B258B9623E942F07E37CF485C5A3EB3AF0EC8BC99E0D5C756D236F2F63BB267DACA87F6D2DCC0DE03F62C99AB73BC048A0660A80B87A3F308
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3084
                                                                                                                                                                                                              Entropy (8bit):7.883653072602856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODtMiqGi:bSDZ/I09Da01l+gmkyTt6Hk8nTtMiFi
                                                                                                                                                                                                              MD5:2441C1216B08D37666AFF709DC02B82B
                                                                                                                                                                                                              SHA1:0D7D930E67636E741BF2596C5C96DC955D4D5F4F
                                                                                                                                                                                                              SHA-256:55C9629063E18E102CD31FF21E24D7AC6B799CE876036FF9E60CC6D4F47284E2
                                                                                                                                                                                                              SHA-512:2058134A2DEEAFACF038A41EDBE6251797685EFCBCE04D0D19B78A92706502CAD8646D35E5578880B3CC29B6F46F618737292781FE23750C023EF6F6770D7C1F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2606
                                                                                                                                                                                                              Entropy (8bit):7.928462933428067
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:JvQLjzUvsiRTSf9RU3cC9XSgtj77GhfaZ1F2Xg++BCUj/8WmQiHn0V:ZQfw0iJuTocCBtSVavkXg+Kj/8HQiH0V
                                                                                                                                                                                                              MD5:74DAA0CE476533474C8F8A276E0CDE68
                                                                                                                                                                                                              SHA1:73324E3DCF8BA64012A92C57C438E570C1D90564
                                                                                                                                                                                                              SHA-256:3908DA5BDFBDF9CBAD729E45472F615691C836FE2FD46534A7BB8ADB63CC28B2
                                                                                                                                                                                                              SHA-512:F432DEFD3F7AF19E7F3732E6F812AE9872000E27B323BDB16F433FED7167D25F740F52389B801727492F541CE4604A2AE769A9E6276EC0FFD432DB45791934EA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2577
                                                                                                                                                                                                              Entropy (8bit):7.9228821639390645
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:hdDuadk2E1miEeSCWdIzo6ISYYlWqZ0ns93C2fPhiGA5d:GUk2E1miEejKV6I5Y8qZ0nstUGAX
                                                                                                                                                                                                              MD5:CFC4E6E69EBF5A4D28842E6C01BE2B3F
                                                                                                                                                                                                              SHA1:258B5E2D2639876994EF21C4CF1923EC0FA467F2
                                                                                                                                                                                                              SHA-256:01050E26F3DB1F1E6E84514D5A090B1011CC61AEA7E5E2A708647984CC6C4648
                                                                                                                                                                                                              SHA-512:1BFE646263187320F47D5B522899513515AC69FCA8D1E5887E2CE8F0A21BB59BFF48646BE218A2BAFE10A6F969C9585EAB5A4CDB84CEEB7AD61C904FF1111672
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3371
                                                                                                                                                                                                              Entropy (8bit):7.896512358734088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTMdfMVRfAQNq:bSDS0tKg9E05TOfM3fNq
                                                                                                                                                                                                              MD5:148C71F4C4A537A1F286ED3F40D39ADB
                                                                                                                                                                                                              SHA1:9FFDA4FBE2C432191B94A7E71A0295899513AC41
                                                                                                                                                                                                              SHA-256:AF8F54A2730DE3323D559A0D0D4272598BA2F13865C2620152AA4E78037E2048
                                                                                                                                                                                                              SHA-512:8B6B397BEC1DA5EA85E04DB3C0C4E6EB4F9DC4EDC1760EF5FDC62B970182BE4F2E61C391038F71D9F89583CCAF4786EE9CE6039C0E595CCD783C86636750BCB2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3386
                                                                                                                                                                                                              Entropy (8bit):7.896825357103357
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD++nBp3Eng:bSDZ/I09Da01l+gmkyTt6Hk8nTPBpCg
                                                                                                                                                                                                              MD5:BB74506C5AD084E016FC747C234DBB6D
                                                                                                                                                                                                              SHA1:1D61C743E3B4AD135D66DA9C9A83E037F3B582B0
                                                                                                                                                                                                              SHA-256:74E8A376483FD63AAF3D79BBAED2460C09BC105CE210CDA14C318E422BFDA6A9
                                                                                                                                                                                                              SHA-512:06C933E749432C6076BD3B1CE3B09FB66E93A948B4E37081D0527523C679EDF9B389E65EC84361EDA6F63184DE67F48F9949924F8045136982F6B4C29566CEC5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 30 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1400
                                                                                                                                                                                                              Entropy (8bit):7.816074724186005
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:A4e4wGwGyE1/9T5sbHQHL8+bztMElZd2+1Q6az/6Qh7zaOakP5SIok:PeTGwGyE3T5yI8ez/JWlh7zb5cK
                                                                                                                                                                                                              MD5:D220FC4DFCC9FE787ED7303420104E31
                                                                                                                                                                                                              SHA1:0418E6877FB8FD11EA88D475AEE481376791E73D
                                                                                                                                                                                                              SHA-256:EC60B9C434EAC51FF3BCCA593542C08C6402FC012D4454F2538A21326831A283
                                                                                                                                                                                                              SHA-512:3273F90788CB048BC762E3D65EE5E3BBB98DF6CBF62BD1EE4FD265E35F797626E87E4495DB4195F90602944C53874442A3E19A0659B917D8D1B27F74CD36D7FD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):793
                                                                                                                                                                                                              Entropy (8bit):7.684921658770102
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72L+8ffN73xEc7iY80H2s4+JYOTdyGvOjD4Msk2TGySxq79V4Ss7FYaYXXhc:RL+Ull7MWPdJTz2D4XGySxq7ASraqc
                                                                                                                                                                                                              MD5:9A8E0C4A0B83DB004B222364B924B0B9
                                                                                                                                                                                                              SHA1:17EF8169F78077741A085EFE5EC1AC1EA8B16249
                                                                                                                                                                                                              SHA-256:E7DCB87917CD57BC4C7DCD17CEFD98482CAB366BD50C6D40662ED43BE3A893CB
                                                                                                                                                                                                              SHA-512:74A4C0724EB397B5C75042E16AD1A6D9083983AE95F7CDCDE1180CC493883B2F7A30D281BFD8687ABF771D1D65D3D4AB0CFB2E9B608FEE5700EF7B48277DCCC3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1745
                                                                                                                                                                                                              Entropy (8bit):7.314815266027697
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:oitNn2VeFhJ3FHrrVQzhlnk3GKpwn27D6Ac:p2AfLaojRDnc
                                                                                                                                                                                                              MD5:29BEB17AB2863BD566209A6F0363E40A
                                                                                                                                                                                                              SHA1:4AF239B5174F5E25336B0AC0BC9A164E9CBE2715
                                                                                                                                                                                                              SHA-256:E5F9594945671A6937C71D14E378B96EF0C34EDA4D60659E4E48592A83518B4F
                                                                                                                                                                                                              SHA-512:E54922346645A1C619AA5CA3BAB0D143F98488C0153761359271C316BD0815D1F939451F59F105308A6B6C5BB099C95CEE8BD65D0E6CAB16F2BC23E044549D4C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):441
                                                                                                                                                                                                              Entropy (8bit):7.263740582002386
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Kf8jgyEj2P8FS9QDTBMT81y12ipZaPeHt2yl:bgPCZtMZRpIQDl
                                                                                                                                                                                                              MD5:ABC0D3126E3374192D280163CD64A915
                                                                                                                                                                                                              SHA1:689AEBC726A058619C882C10CEE1C8A76E140DD4
                                                                                                                                                                                                              SHA-256:A115FE15384CAAA4E2C9C87C633C20A207CF26DB897E620F8998EE9606CA1BB1
                                                                                                                                                                                                              SHA-512:476450C980D6021709F9D79C0297223D7915F26503E6E1A906D99FD26289486F210D1F47969CB127817838C8507D6B4EACEA15035796E799295D4694A079412D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):550
                                                                                                                                                                                                              Entropy (8bit):7.518461776810793
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Y98MmHtcwvnYmiWScjIQcmC1x7ATdrBUxwXPwGpMV71:v5mHtcwgQSqCHOdlXPwOe1
                                                                                                                                                                                                              MD5:87B61E927844B5D21E81A231456C1182
                                                                                                                                                                                                              SHA1:DB54BEFD79063507056EA3789764F06E0D6DE2C7
                                                                                                                                                                                                              SHA-256:1A688ECA22B9D01950F5B3BBABC13D28ADB277CFF62A4754BA5E8E45A9865965
                                                                                                                                                                                                              SHA-512:F8415500F190E2D5672568E7A8F863E68DCB5D1484857AA9DC02D8280C96A2255C14713892E0A9E3561B7F97482104ADA85634DF3C30F6D5E27CE6094D744844
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):884
                                                                                                                                                                                                              Entropy (8bit):7.668973919709582
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vXz06eYuild4b16tQnmKREBREgQ2PeeM0Vz4AQTfRdN:/wiJXqmlQnAAh
                                                                                                                                                                                                              MD5:8D254084A161838D1C97C7E2CA454E24
                                                                                                                                                                                                              SHA1:6B11B8932198AA54771DFA7BAA8BD360276ABBC4
                                                                                                                                                                                                              SHA-256:5567005E32CF4D2D43AA652C93AFF7481D83F02848B3706317B87E430E3D5F43
                                                                                                                                                                                                              SHA-512:1D7F000DF38ED3E796679E24AE019ACAEFC681786F8D0550A43CF940085B91D53C277DE9818010A4473DDC706D8F30D15FBFFE375B7B432D4DE00A7C57E2817B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):832
                                                                                                                                                                                                              Entropy (8bit):7.691671953917233
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vOHLejMP1lBPOpZgZcfLoxvZprrBejhAwK0O1t:Gr1vmzoxBprd3wcn
                                                                                                                                                                                                              MD5:44249A5AB528EB13DA75265CA25F86A1
                                                                                                                                                                                                              SHA1:3240292B8667202AE2E90807B9A3369D2E72287F
                                                                                                                                                                                                              SHA-256:9F9018AB98B9C67675ED7F634FEEEA425178FD798A5170EA23449197167736C9
                                                                                                                                                                                                              SHA-512:BDC96FF8F51A56024612B408D1248B2AF1368F851E8611007D8A25029F978EB09CC31A89008CE0247CF9B4C4AF46ED1E5E848E175DCBBAEE63908DBB33BD65B6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1953
                                                                                                                                                                                                              Entropy (8bit):7.366577823911159
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HitNn2VSJ3MYKa6hwcPopGCx+lbvqVaUBdjC2zT+U2:I2tYn6xPoEx7+aSFjzSt
                                                                                                                                                                                                              MD5:912DB0DBDCDE9B1F1CF911CF92DCCF98
                                                                                                                                                                                                              SHA1:75E20787B2BC31463C4F94A271B46535198D74E6
                                                                                                                                                                                                              SHA-256:6530D068D0DDE4364D020286A5FED909BFF7D5607AE20301D94FA9E00BD6F29A
                                                                                                                                                                                                              SHA-512:C5F8E6471B35EE7418E21907EA57FB4375E9D2498E040C7D2A3EFD96369E8B0DE76D14719D49C3EE105BA8B1B0BA66B0BA87194A95521E356D7DD6B3FA09F67A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):439
                                                                                                                                                                                                              Entropy (8bit):7.259055102899862
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPE7fjnDshLUrmsg+l7+lNTxaF7nSZ3NKVm9Fx+hFLvX1RQejvyBNzeuogEw:6v/7Kf8eyglqlNTWJV+FkvXJvIR7sc
                                                                                                                                                                                                              MD5:59DA7627FE57A45C1E11C627ED6ADF34
                                                                                                                                                                                                              SHA1:F59EEE1521BFD4A0A08B84083198D0397FC046B6
                                                                                                                                                                                                              SHA-256:85B8BC720832B726CCEE9D7C5424AA980ACF115359AD4A7D2477DF342E9C5CC3
                                                                                                                                                                                                              SHA-512:E5C99E3E1477D3DCCAAEB3A421F23157BAE6AD9486DD5CFB5894D754FC186E7DA9E62D14796E0DEC30BEC84D049D285A6F688929FED01D8DD5EB65F508BD2EED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):498
                                                                                                                                                                                                              Entropy (8bit):7.434510372394698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7b9WJkI2a0eOPuNqgBUJZdfUUbb5OwQc7/:OmLFN7ufhNb8ZcT
                                                                                                                                                                                                              MD5:7100E6E2AC22FE2B56474A02FFAFC5BA
                                                                                                                                                                                                              SHA1:51F78719F7BA2B7CA98A09D8B7458899CAD10BE3
                                                                                                                                                                                                              SHA-256:CC198F8C358CA6E597FF3E4CE26098AF90EB2FDDDA43C284E0FFC04518758D49
                                                                                                                                                                                                              SHA-512:0268AD5E012BFE52827FAE10A237A3D826019BD571F9204DDAB423141EC215A428CF64A5D3B3ADCE7534077F28EFA898DDA6559460198B8177F44CE17A6268F4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):903
                                                                                                                                                                                                              Entropy (8bit):7.699385896012563
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vpOJ224wpwYX83/BOPNHWlFCQH1xVEiOCt:sB4wpwYXQJsWqQVx+il
                                                                                                                                                                                                              MD5:7A18E39C06768BB6CB8ED29210300762
                                                                                                                                                                                                              SHA1:86BD6DDCBED23EE06E50169EA20A19D221138D6F
                                                                                                                                                                                                              SHA-256:8A1AF48474461A3A1376B341968CE1302744328ECE642B2E5876205706CB1425
                                                                                                                                                                                                              SHA-512:9FB9754651AACF182A3B4E7EE89C32E938B411F68355F7E5A2D3A2EBE09464FDD64A3520EF3D53F5620890AD999AF472C738D71BEC5900131504D17091DEDC6F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1039
                                                                                                                                                                                                              Entropy (8bit):7.780516394558098
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vRix3NC7oZovG6XG2EyBkgftgT1R3+DmPNMpQpbqecnhDCulaYU:odgakG622nuYqPFPCpQwGb
                                                                                                                                                                                                              MD5:2E2C4E5CF7972F26C8EABBB4F414611B
                                                                                                                                                                                                              SHA1:529267B8D6E012E514F8A750690FF28E5A62D280
                                                                                                                                                                                                              SHA-256:14B38963B79EFC66C6A7F995AB7EE5720442F388EF7964C977942E14934C0792
                                                                                                                                                                                                              SHA-512:FA48DF1190B7A9D6C263B8994D3B7F87F1E2420831562B14F75813503EBFAF31D9BB96E2B1132712D71080FFD5F4B7C6E4AE1E094260494B35EF34766B52A181
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1673
                                                                                                                                                                                                              Entropy (8bit):7.24544963128269
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vh1hpunQWwjx82lY2T32HEVjCQaKLyJ3VjIqDG8G38lubWf+cKmHSQOJRtQJ8nZD:HitNn2VEJ3xHLf8zJLQyQa1
                                                                                                                                                                                                              MD5:E7B302EB06C9B0DE9779737EF99623EC
                                                                                                                                                                                                              SHA1:E4D3556B4EBF705609A27F0C5204DFE959FE633D
                                                                                                                                                                                                              SHA-256:1CEE8D4BB9726DBA70777B6266F5FB448E645B17A1E4577E3BC0DF2124786EA6
                                                                                                                                                                                                              SHA-512:95C991A7243527198B4D7A83540245FE88C9B630952AD0D1E2BC673F024CDCCB2E97F44877F5072867155A7F2E6EDD10D3B00F25AE3917DBAB8F5AF4D7ACA150
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):555
                                                                                                                                                                                                              Entropy (8bit):7.2875574321583585
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Ys/UJIvcmmwT0zJpQjuM368DavY8XNZQ+MucUSIdZ/:vxJ0LT2J6uEDiLbMu3SIb/
                                                                                                                                                                                                              MD5:3C219E9F60486566D4DF29078138B508
                                                                                                                                                                                                              SHA1:C52F9A5A20E34C5549D84991D3EA7B016C9AEDF1
                                                                                                                                                                                                              SHA-256:3CCDB7939B0285E38749141A3985CBDB05A4E993E2FAB9BB419C172EA616E4DE
                                                                                                                                                                                                              SHA-512:56D24EA258F2C4E12062A5E99E1136D1CB31F2B25A6E8051CB68CB970B4271ABD437D36C28D345379ADC0F1926DD277801C411E69D19A670EECFA7D4761111B7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3331
                                                                                                                                                                                                              Entropy (8bit):7.88082078592922
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTED0bMQhtRXm:bSDS0tKg9E05TZMQvY
                                                                                                                                                                                                              MD5:5632D7B591BCEF4A4B0E4302ABC4182A
                                                                                                                                                                                                              SHA1:3DEE4B2E2FC8C80F3B3ACE7B11B8014E68CE777F
                                                                                                                                                                                                              SHA-256:B61F3712C5AD8B1C58439731A0A7DE1213870D8B127D1F61060085CA4B02794F
                                                                                                                                                                                                              SHA-512:924CA3456C2EC1CD1567A564734B584A798292D69C9C336F28A8120E01FDA013E58197E84B14F9FCA9B379E683C4FBE9978DC06CCDBE845A9D7C27094169CF98
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3216
                                                                                                                                                                                                              Entropy (8bit):7.8906601217003995
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODhn1aYaZe3:bSDZ/I09Da01l+gmkyTt6Hk8nTJ11aZu
                                                                                                                                                                                                              MD5:29D046A3F81292EE314864085A63FF81
                                                                                                                                                                                                              SHA1:9B6B8A5E556B475E2E18CE6875D9561AF07DF37C
                                                                                                                                                                                                              SHA-256:B5B6674E9D6CA9441C93D1F14C1203C75DCD3F756C8AB990FB736EB8EA02D1AC
                                                                                                                                                                                                              SHA-512:93933BF98A7E2ADDE07218FF71339386A40D42C55CFDDFBAFB77C8720370999E5276007B1BF1D775D9EB0397A66A34776E081966A4FD0EBED59A1B0E086CC2B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):54427
                                                                                                                                                                                                              Entropy (8bit):4.901759562502715
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:AbK3VVunf0hStGLaPaExmL3CBxFw2o6R9at4DNno:+6WuStGePa/Lyhwlu6wno
                                                                                                                                                                                                              MD5:B9D81EBDBAF2831187D4F2A9A8F0A8B0
                                                                                                                                                                                                              SHA1:E927C2C1951133343C8F192A8793A41DBA4610E8
                                                                                                                                                                                                              SHA-256:33F81CBA5C6816829A5A5D25CE7AAF2C7F285F1BBF96C2F3B3A96DA91F6A6A5E
                                                                                                                                                                                                              SHA-512:1BDC57D0A9BCCB08F601980B6D625296A14631449376BDCC9CDAF3CB8F71A7EB9F6E709746B7BE3CCBE4DBCEA54AB566D993CBCB444FB9EA957F17B0BA8D6C9A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<TOOLBAR skip_attributes="true">.. <LOCALES>.. <LOCALE id="en" name="English">.. try to keep in same order as FF and also DTD and then properties-->.. dtd -->.. <STRING name="sweetim.main_menu.home.label">SweetIM Home</STRING>.. <STRING name="sweetim.main_menu.search.label">SweetIM Search</STRING>.. <STRING name="sweetim.main_menu.messageboard.label">SweetIM Forum</STRING>.. <STRING name="sweetim.main_menu.trackseraser.label">Tracks Eraser</STRING>.. <STRING name="sweetim.main_menu.help.label">Help</STRING>.. <STRING name="sweetim.main_menu.feedbcak.label">Contact Us</STRING>.. <STRING name="sweetim.main_menu.privacy.label">Privacy Information</STRING>.. <STRING name="sweetim.main_menu.options.label">Options...</STRING>.. <STRING name="sweetim.trackseraser_menu.clearCookies.label">Delete cookies</STRING>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3239
                                                                                                                                                                                                              Entropy (8bit):7.888643295675962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODCRALs03pS:bSDZ/I09Da01l+gmkyTt6Hk8nTdLNZi
                                                                                                                                                                                                              MD5:28FDADB259A8077E09F442CA8EE1FFE5
                                                                                                                                                                                                              SHA1:9F93FD60CFC263758E2893813FC2EBD2AC3BB352
                                                                                                                                                                                                              SHA-256:9B519A9E1A1B17921268F552120BEE46DCBBC0BAA8BD888524BE0F7278172F6A
                                                                                                                                                                                                              SHA-512:E5926D42E2C79DFE415132156CADE34830B98F81D359F8AF2272F7B0B723C93770AA40F4478545ED01F7C4D23B051700641E33F36ACDF8C7E4736B0BA0102F50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 21 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):448
                                                                                                                                                                                                              Entropy (8bit):7.095506389195432
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7R6/UJIvPvTGYXs8pbe1nj38FivnuHgF/kyY:KTJqPvTTijMFivnfF/k5
                                                                                                                                                                                                              MD5:B7B7FBBFEE0C7819A973A39BAF5BCD4D
                                                                                                                                                                                                              SHA1:109BD82AC4898B3E55794F2FF367E1534EFB2B9A
                                                                                                                                                                                                              SHA-256:578145EE817A71932D49DC108DA43496F97C6AE27ABBE602DD41DE34B5E15D9C
                                                                                                                                                                                                              SHA-512:275D3048D4C607007C5E17040E21C2C5028469310356C368D842DAB6AA2B9FC65DC2F2F4503917EF2D5A4A04B1E9B311620C7CCD75765B2A5714A0F2FEAF97DB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                              Entropy (8bit):7.7115682629611495
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7iMXQbYxUmLXrR83gsck25T8crr2vU3w9lFKms5QQjsa7mwetd2xJ+qjsq+Ka:BbYxUmLXd83RMBwl9g6wo5q/+Kdpi
                                                                                                                                                                                                              MD5:CE93245253E7D87992B0BA17501BCCCE
                                                                                                                                                                                                              SHA1:EB886BDAD9250A51E1DC7C3E46E34AEA684253D0
                                                                                                                                                                                                              SHA-256:CC355E7C9F6C28CA686489EC62307BDA4BBC580D7479794B9080F48E8D1B288D
                                                                                                                                                                                                              SHA-512:CB1FB5E8F26542D22194970CCCDF575780E0D29710576DA925E03A0140FCDB443A58A8CCC0F6993968F0FADFA69D2BC2CA708AA002565A24E5D0E68A7631E6AC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 246 x 45, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3790
                                                                                                                                                                                                              Entropy (8bit):7.724285562203114
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:p/9j4az+unO0LrbZW5eMI9uJ6W63PjDRr1Bhw5etccwyj0L81K:p/pdznFLrtW5eMfB6/p65eScwyjlg
                                                                                                                                                                                                              MD5:56C3D53976D3E4EE3E15D2B91459C05E
                                                                                                                                                                                                              SHA1:3DAF5A98972426AB200BD58188B5291F80C0C0A6
                                                                                                                                                                                                              SHA-256:7E7DA62FDF2457AD8112B14A1C4DF06B709219932EC43CA9C21137372E5C944C
                                                                                                                                                                                                              SHA-512:0910A42D4380EB06BA565E9F5B95F212E25D32379376A71CF43959F2EC0C3528A5E91EB60F8979994C1124DCD151DF3B10F7B8A98E6EB710BAC2E7EDE0147BF6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3352
                                                                                                                                                                                                              Entropy (8bit):7.8931164626831265
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD8T/BbqEhZ:bSDZ/I09Da01l+gmkyTt6Hk8nToqeGM
                                                                                                                                                                                                              MD5:3D5838DF2B73465BAE62A24C4227B8DA
                                                                                                                                                                                                              SHA1:6DBC88054A5CEBC0BD528965E232ECA12B7FF841
                                                                                                                                                                                                              SHA-256:910F08F5D49FE7D48E4C04E2A2872B67E5210A16AD10611D89D23009A58AE225
                                                                                                                                                                                                              SHA-512:D6DCE4ACE8CC5823A2E54265D9207C37D84A2D5F43B57E0EBE4BB08C2EC051F507730B46F0F5AD3B90E13DB6C7D4DB1946F0FD3A7B25A5EC14A92769CCB40772
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):969
                                                                                                                                                                                                              Entropy (8bit):7.762222484405286
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:H99+nx2odKpOu5EoaHoA4JtF7yq3W4T9bx+Z6JEGY:d8x2odKpOmZ6rStF75m4Txx+ZaEGY
                                                                                                                                                                                                              MD5:6CCA94CDF2EB6A5FF419733DF8E89C8B
                                                                                                                                                                                                              SHA1:9B53E137FE7C6FE398403EED10CBFEE303CC2A83
                                                                                                                                                                                                              SHA-256:5F424A3EE5FE6892ECB699ECC07D21A8749166FD5356E6AAFBF6564B0DD0B3F3
                                                                                                                                                                                                              SHA-512:C1D45F195837E4AD1BF78F1BF5A7C418734E69D4C477D807ED34B034E079B35127757E3F29B8725070C4C93063574155A031E88E50CDECA93FF1B6789E85D2ED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3278
                                                                                                                                                                                                              Entropy (8bit):7.893549704778689
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTsS4Rlj9y:bSDS0tKg9E05TsSCls
                                                                                                                                                                                                              MD5:D4352C2BE26981D4E8898F5E849CF007
                                                                                                                                                                                                              SHA1:97F3F38E82EAD5301992151D27AD16B17D507A39
                                                                                                                                                                                                              SHA-256:9F13EADD57A09A9983A827F339BF10317966265DA6975AC70B2589BE3090C631
                                                                                                                                                                                                              SHA-512:A910B629C236BCE1350DE8AEA32FCC2A12F433B53DBADBE15FC14DDA17228E57A0BCBEF726AC1713BA4AA5810C45A35219BE1F109E44A767469A6C39E7BD0B5F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29415
                                                                                                                                                                                                              Entropy (8bit):4.490684415635435
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:Slqu86QlPas83yyNu8zNMiXL83dPnCU8zdtX6:Slqu86Qlis83yyk8zNMiXL83dKU8zd96
                                                                                                                                                                                                              MD5:09329F11B6501E086D43C7EE10D091FE
                                                                                                                                                                                                              SHA1:5EA4D3ADF08D1E7D2833DC83DE1950262AB042E2
                                                                                                                                                                                                              SHA-256:FE22FF63F37D2E64C5CC3C04DED5571193F0887D246A35BC54510AF26F7DF7FA
                                                                                                                                                                                                              SHA-512:B5A8A6C30BE10A9831003AD6A964E7AA1031B4A7CE76D482C93D7A7856AB94AD7989288A78CAA07966D4E797294A31F4CF03944FDC38051E130B114095D53370
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" >..<head>..<style>..body{margin:0px;font-family:Verdana;font-size:12px;overflow:hidden;background-color:#F1EFE5;}..#d{position:absolute;width:750px;height:300px;overflow:hidden;background-color:#FFF;} ..#d1{position:relative;float:left;width:750px;height:245px;overflow:hidden;}..#d1-1{postion:relative;float:left;width:200px;height:245px;overflow:hidden;background-color:#153F4F;}..#d1-2{postion:relative;float:left;width:550px;height:245px;}..#d2{position:relative;float:left;width:750px;height:55px;border-top:1px solid #A8A7BF;background-color:#F1EFE5;}..../* Navigation buttons defentition */...btnTopSpacer{position:absolute;top:0px;left:0px;width:200px;height:16px;border-right:1px solid #000;}...btnElement{width:175px;height:26px;line-height:26px;padding-left:5px;border:1px solid #000;background-color:#E5EBF9;overflow:hidde
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):460
                                                                                                                                                                                                              Entropy (8bit):7.245509888130456
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Kf84phqOJvMfNVQWUEOtF4v0/+tKc:pqSTVI8/+td
                                                                                                                                                                                                              MD5:4F1E15984D03F13436721C9BDF01B2A7
                                                                                                                                                                                                              SHA1:146CEA0B99EEC92210DE79FB009485C915E871CA
                                                                                                                                                                                                              SHA-256:22BD84A0FF91D471655712BE0A2CB6EC8C7F8737021D81E4E10D6CFE3958E3E2
                                                                                                                                                                                                              SHA-512:F859EA42D7976F33CDFD89FF6C0C795CDF2514A90F5BC97A867CD969471DE7A5BC7E2912ED8689D0CDD5041E5B1C676840CA4933A8C3030DB4FD1C7FB56B6E2B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):449
                                                                                                                                                                                                              Entropy (8bit):7.150750157859846
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Y98dw5S3jnu2kMufaW3xOn0NsHMYEZrMuU:vHAnGz3Y06HMYEmj
                                                                                                                                                                                                              MD5:ADFC483E0A445D03A132D545F78C0A77
                                                                                                                                                                                                              SHA1:5178CA049680CFB50BD76F90684B6F3A7F4634A9
                                                                                                                                                                                                              SHA-256:4A2CFB0D304D4565BD442109F97C16493F1E57580275689BCDF675FF8B57C238
                                                                                                                                                                                                              SHA-512:311665270648D9607AFEAE035C798CEFD0FCC68C14A99041012227CE59A0D2B27C8F85422613F4F9942B1CDBA1B2D0BDC10C89CFB337AB631C559B8ECD83A323
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):870
                                                                                                                                                                                                              Entropy (8bit):7.681632942264471
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:vkPs41ztUapSa8s8lYXf8bSKvl+Dq4x91UxZfAEIfw:cPnCapy8Xf8O8Kxx9sFAEIfw
                                                                                                                                                                                                              MD5:E206867798C439605FFE67E8ACACBEB4
                                                                                                                                                                                                              SHA1:3EBEA11998168E4010226422B420181871530772
                                                                                                                                                                                                              SHA-256:80821899BD28DBFA390764E615DF13147940729563739E9D594CD066F26F31E3
                                                                                                                                                                                                              SHA-512:5E3F357CFD06DD24B93BC031CE57C6DAB821CD543B2F8BA36D6C18B01E01403F6E540417B17E8D34A83B44F63C44235AE4ADC5839D656D251F673A089C07C48F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):818
                                                                                                                                                                                                              Entropy (8bit):7.666146229219064
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7Y98rxgIS7RtPzDA9eUqYUjt5moGw/AndUYqH42D63hS09SG21bKM9:vOxNS7RFfAqZt5mO++O3hSnG21eM9
                                                                                                                                                                                                              MD5:B89610163C57CB7D731826AFBC53A3CC
                                                                                                                                                                                                              SHA1:EBA3809C743A2A14BA454E0CA69D4042D34331DD
                                                                                                                                                                                                              SHA-256:D24C9EB565F1FA0BBBEF93D60416D2FBB456B742CF2A0B44CAFC0D4B4BE4B726
                                                                                                                                                                                                              SHA-512:CE9B9544D52879B2CCDDBA6A2552C7F1A1CA0F2F5D66E14A12F37A8AB4096DB2B9ADE272C711F36240715FE5EE1FD8A6237D698188ED470FC2BE23651525903B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1937
                                                                                                                                                                                                              Entropy (8bit):7.389814448833648
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HitNn2V1QJ31hk7eKawIcA2QPjTipNQ7n88:I2ek8w1AbKpNWF
                                                                                                                                                                                                              MD5:5D34EAF1A434DAEE65C01E946C5BC9D2
                                                                                                                                                                                                              SHA1:111D950817FE6DE90BF9E7B53AADF52CD1580914
                                                                                                                                                                                                              SHA-256:D92B0769CA8C70B5D923B51FB1D794C91F6D644A8F680F102CBC3761257B5FA5
                                                                                                                                                                                                              SHA-512:42AF4367F38687B4F4B0EC0E447A4BE65D239A886A140F4747DD375A6DD88FE3F52A7952580EEEC1359FD85F32B0BF428F2BDDE490115812F942B37128FD648A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):450
                                                                                                                                                                                                              Entropy (8bit):7.2764028108843135
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):304
                                                                                                                                                                                                              Entropy (8bit):6.876355397632123
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):888
                                                                                                                                                                                                              Entropy (8bit):7.756636270721891
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1021
                                                                                                                                                                                                              Entropy (8bit):7.759548890836311
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1666
                                                                                                                                                                                                              Entropy (8bit):7.203222819342804
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 28 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):525
                                                                                                                                                                                                              Entropy (8bit):7.267542920441173
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3432
                                                                                                                                                                                                              Entropy (8bit):7.890811683389906
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):784
                                                                                                                                                                                                              Entropy (8bit):7.695743284796664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3157
                                                                                                                                                                                                              Entropy (8bit):7.877394765167326
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTaltO/gUB:bSDS0tKg9E05TktO/B
                                                                                                                                                                                                              MD5:F0AB9A69B17612C11649995384EB5F0F
                                                                                                                                                                                                              SHA1:7C30804C11A1CE6F374093F33A2FEDA3DB1BFC23
                                                                                                                                                                                                              SHA-256:A0C4E0C0262B4D879EFA682365458B48EE02B3969EA55EC26F2ECC613BF20983
                                                                                                                                                                                                              SHA-512:CFB8DE35C8F89B42422AA88816739DEE47AE16181277BF0E21238D5FB0FA81EF62CB4242303C5385EB5B0B4060D34A999F86E0BBCA67F68035EB9E618471D0ED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 39 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3144
                                                                                                                                                                                                              Entropy (8bit):7.8800675940165785
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:tSDZ/I09Da01l+gmkyTt6Hk8nT32rMK0Tz/sN9:tSDS0tKg9E05T6x0Tzi9
                                                                                                                                                                                                              MD5:1BA2AD1C28A5ADB2567D1B40D77488B6
                                                                                                                                                                                                              SHA1:19661464D83FEB734DA31A368911370A64D54EBE
                                                                                                                                                                                                              SHA-256:9B37E88CED80353EEFDC697FF2B211EE2B1FF86B0E31C8C0E4D7150E22597E3A
                                                                                                                                                                                                              SHA-512:F25015416A49CCB9D2823A1E1025C0FFA4BB4E92043D39175F55BF17362C248C14579A57A38219130BDB8E27A02DCD9645E5D9433753CAE986140B804F669B9B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines (584), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29617
                                                                                                                                                                                                              Entropy (8bit):5.178989835892454
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:f5xLwKCRuFRs/0vdzokgysVik+rwcoRq3cWQ8LHUrsrjLP7:sKuu1xg3VikZqHrP
                                                                                                                                                                                                              MD5:CD2F2CE86EE19CF3CB901CE200403B36
                                                                                                                                                                                                              SHA1:3EBE478173BBB4553479D64A614EDD45ED4ED8A4
                                                                                                                                                                                                              SHA-256:C6B8F282ED6A48C68316332A8B669C78D9293F7BF5109EA0248AF23C28159DC7
                                                                                                                                                                                                              SHA-512:C950603FCF4C0B5D61AC6263301C44C67AACEB749857D8B2B08F7F3AE8B15240AFEDF5D1BFB821FD44782EE925A5E38B3E38AA3C1A134B124921F328B375EFDD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<TOOLBAR height="22" expireglobal="1440" name="SweetIM Toolbar for Internet Explorer" id="tbs_toolbar_001752" redirectonquit="0">.. <SETTINGS scope="0">.. REGVALUE id="id_async_speed_optimization" name="HandleEventsAsync" value="false" overwrite="true"/ -->.. <MESSAGE id="id_msg_findword" default="$sweetim.property.button.findword.tooltip;"/>.. <MESSAGE id="id_msg_uninstall_close_instances" default="$sweetim.message.uninstall.close_instances;"/>.. <MESSAGE id="id_msg_general_caption" default="$sweetim.message.general.caption;"/>.. <MESSAGE id="id_msg_clearhist_tool" default="$sweetim.message.clearhistory_tool;"/>.. <MESSAGE id="id_msg_active_content_tooltip" default="$sweetim.button.sweetim_content.active.tooltip;"/>.. <URL id="firstURL" default="http://www.sweetim.com/installbar.asp?barid=$toolbar_id;"/>.. <URL id="serverpath" default="http://www.sweetim.com/simiebar/"/>.. <U
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):869
                                                                                                                                                                                                              Entropy (8bit):7.724749684662738
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72uhawVsXDd8HrtpLae7I6TeRg7EGrhLADjCznC9c9qtpMaPhvGklVV5KSChX:6aZXAr+jQUg4GrhLUjCLC9lP4G5KS8X
                                                                                                                                                                                                              MD5:920D3D7C15F7AB6E00F2A8C3593CA86C
                                                                                                                                                                                                              SHA1:74147628E2FCF44B2AF427A67DBE6278E8784416
                                                                                                                                                                                                              SHA-256:8D53BA3EF30AA548B8B5870EBF264863AB28BFB28BA0338337EA81FB10E931D0
                                                                                                                                                                                                              SHA-512:6108CE806BA0210A00A8250EBA0A74AAF9934F000C1EEC6E4750068A46EF4447D275C0A89053933B4E3ACE6529F5425D7F0ABBD7F8C2DDE4961A5FA32E9C0F88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3337
                                                                                                                                                                                                              Entropy (8bit):7.886640514351696
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTt/4E/TS:bSDS0tKg9E05T/S
                                                                                                                                                                                                              MD5:3E2E639063054CCB59DB68C2A9243AFB
                                                                                                                                                                                                              SHA1:FD9461012CFA0ABD8333645E6A55B87DC5AC6537
                                                                                                                                                                                                              SHA-256:5D79D48F3FC4EEEF3A8C46FEF30DF602BE257730F841B99BECE79F7D9356D7E6
                                                                                                                                                                                                              SHA-512:730CF2834D48BDDA697E580064DAE1060D057A9F39D33C8A632D790F7E0B3097DD70421E31C09D33A914E763CB1C39E2C75554D8F6B4EB11B45A8962E8FBBA37
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):31069
                                                                                                                                                                                                              Entropy (8bit):4.590886812904986
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:qMSlAWyUVxK4oNW2yP7vKSIyEW5D0SYpZHENN48JpaXf9hID:qMoXDoNqX1P54SoZHENN48JpaXf9hID
                                                                                                                                                                                                              MD5:896C0385C1D7472C8EE40762B39493DD
                                                                                                                                                                                                              SHA1:AB23DC84BCA3FF8A9536B4361CE459E0F9650352
                                                                                                                                                                                                              SHA-256:0C3848FB16840330E91AE7D1E066A4ADB0076D6CCA4C01B58C76F0E53EE364F8
                                                                                                                                                                                                              SHA-512:6FA58C3E53E743ABE1B9BF85F0D082B473BCE759626A03CBD2EFD8DD9190E7E8EEB738B369CC9BCCEF0609A663E5044842E923F84E41FAEE351CA152A501CEEA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:var g_objToolBar = null;..var g_doc = null;..var g_mainDoc = null;..var g_nButtonCounter = 0;..var g_id_sweetim_toolbar = "id_sweetim_toolbar";..var g_id_bi_include_script = "id_bi_include_script";..var g_id_bi_track_script = "id_bi_track_script";..var g_bi_url = "http://content.sweetim.com/bi/bi.js";..var g_debug = false;..var g_bLoggingEnabled = null;..var g_fileName = null;..var g_script_id = null;..var g_domain = null;..var g_yahooClassicIntervalId = 0;....// struct of a button, contains:..// 1. command id of which menu to open..// 2. url of the image of the button..// 3. tooltip string of the button..function Button(commandId, imgUrl, tooltip) ..{.. this.commandId = commandId;.. this.imgUrl = imgUrl;.. this.tooltip = tooltip;..}....// global array that contains the command id, image ural and the tooltip of each button..var g_arrButtons = [../* buttons are added dynmically to array, using xml*/../*.. new Button("id_command_emoticons", "http://content.sweetim.com/toolba
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442
                                                                                                                                                                                                              Entropy (8bit):7.104637400753022
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/78f2s/6T6is1kJ4nnQmCOZBw4r9Ah/kmZscG2E3d:Z2s/6WR1KcnQcF9csmGF3d
                                                                                                                                                                                                              MD5:F64113435D357717C72EBF0E86B317E6
                                                                                                                                                                                                              SHA1:85CA037F08378619D4322A7F4EDBB5FC55AEFC5E
                                                                                                                                                                                                              SHA-256:A3DB26273631B16D9F68100C2C8B9096C899B320AE2C3EE787D31D6DBC0826E9
                                                                                                                                                                                                              SHA-512:F7B60E594EFFDD05E84C8583F205A32BFB87BB4CB084F0B49FDEAF5797B4128AA4B2D72A7FB1FB4FC112CAFF1958C1632E19ED658C564727656604746BECF616
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):225
                                                                                                                                                                                                              Entropy (8bit):5.068773421445466
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:TMVBdoIUojlF6XqDUbUi/IA/4olBroHKbFk:TMHdoIzuqDUbHz/4oloAFk
                                                                                                                                                                                                              MD5:FD274CA061D166764AEE95F6875DE16F
                                                                                                                                                                                                              SHA1:9A2D8F3D07A2BEE7DCEE006BE14F3EF3F5A1DBF1
                                                                                                                                                                                                              SHA-256:5AF5F0AA2C2643FD07FABA2C9641F764810BC6BE27CB937F89B6393D32965313
                                                                                                                                                                                                              SHA-512:B6B6EC21B95F86AB454DD0A74630B0AEB521ED4BC81574C8B48777927C1DFE78A07075D05B5E3226BBDC1318DDEBDC7CCDD8C525425085E4ABB38F042E1219D1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->....<Main>...<Plugins>....<Modules Number="1"/>....<Module1 Location="$install_dir\mgSweetIM.dll"/>...</Plugins>..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):533
                                                                                                                                                                                                              Entropy (8bit):5.365013433339208
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMHdY9ML8Q/z2lyn3Ug08RCrz2lyMgpWkSs64dB/+Vf5BuEdM43:2dj8Ji3UJ85n0WYD/0GEdM43
                                                                                                                                                                                                              MD5:C2EFB572BA7F1953909C401DB5AC8765
                                                                                                                                                                                                              SHA1:63A66651D881FE6D35B7CC1AA316089CCA53A9AB
                                                                                                                                                                                                              SHA-256:F9CD2AC229D0E66BDC7D81EE489FECD75ED847C4BF016F886617FD609CFE0691
                                                                                                                                                                                                              SHA-512:B7598E4583FBD79D4ECCA76CC5613A5614B34A4878C405387130EF111D7B8AD8BD41EF270A895CA3B955C6F0D0F1F919B9A9807F3A73C31B0F129AFC4A503957
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" ?>..<AutoUpdate>.. <QUERYSERVERS HTTPTIMEOUTSEC="60">.. <SERVER URL="http://www.sweetim.com/autoupdate/u.asp" PRIORITY="1"/>.. </QUERYSERVERS>.. <DOWNLOADSERVERS>.. <SERVER URL="http://www.sweetim.com/download/install/SweetIMSetup.exe" PRIORITY="1" />.. </DOWNLOADSERVERS>.. <LOCAL DIRECTORY="$data_dir\update\" FILE="sweetimsetup.exe" CRC="0" />.. <PING HOST="www.sweetim.com" CHECKUPDATEINTERVALSEC="43200" ESTABLISHCONNECTIONINTERVALSEC="60" />..</AutoUpdate>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):104
                                                                                                                                                                                                              Entropy (8bit):4.712378786866583
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:DML3BMQTAGMNHU78AWeGRzBK/GMTA7GOEKpIQENMOZoKbn:cBBFMVW8AWeG0biGOOlNVp
                                                                                                                                                                                                              MD5:6D0EDE08B21272C8502FF9C7E3ECA6F9
                                                                                                                                                                                                              SHA1:C5F78B0AF519C8865D65F07645039345805EDF28
                                                                                                                                                                                                              SHA-256:50B52506D3420912AB9E7A5EEE27A5FF3BAA57AF8AC952C83E854AE6C78AF985
                                                                                                                                                                                                              SHA-512:AB47A91813D2FB03AADD476A60040B486575612E5878E740B818858B73707E545CDCD49D6F020C48835453EC8513F4EC3B2E4629F26D46E264B8E6A748B8A74C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<Main><Configuration version="1.0"><Files ActivePackages="active_packages.xml" /></Configuration></Main>
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8142
                                                                                                                                                                                                              Entropy (8bit):5.013041253192573
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:sFHJWHJ0HJ4HJlHJJHJgHJUHJdHJqHJBHJKHJPHJDHJPHJS:sn
                                                                                                                                                                                                              MD5:CA844223E112A4404D3FA9C3302B39B7
                                                                                                                                                                                                              SHA1:80C7EDF057CAC1EEE0DA1EFA4A63FAEBC5422201
                                                                                                                                                                                                              SHA-256:4A814DA2B9164DC4E18040C2F26869C77E483C21B23CEECE31C326627D81A53F
                                                                                                                                                                                                              SHA-512:50622BF360DC8485456A7E75E10F1316E1358B433D6BA6F710B3D27661E4461234792B673E2D70D93A28FFFE57EDCBC80BD1B184F8527679F3F18D81120AF11F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.. @version: -->.. ..Levels number index:.....DEBUG = 1,...CONFIG =2,...INFO = 3,...WARNING = 4,...SEVERE = 5,...CRITICAL = 6,.....ALL = 0,...OFF = 7..........MinReportLevel - the min. level of reporting; ..MaxNumberOfLines - the max number of log lines to show on the window..-->..<Main>.. <MSNMessengerAdapterLogger>.. <WindowHandler MinReportLevel="0" MaxNumberOfLines="1000" WindowHeight="600" WindowWidth="400"/>.. <FileHandler MinReportLevel="0" MaxFileSize="5000000" MaxNumberOfFiles="1" FileName="$data_dir/logs/MSNAdapter.log" AppendToFile="true"/>.. <MemoryHandler MinReportLevel="0" BufferSize="1000" TargetHandler="FileHandler"/>.. <DebugHandler MinReportLevel="0"/>.. <Logger MinReportLevel="0" TargetHandler="FileHandler"/>.. </MSNMessengerAdapterLogger>.. <MSNMessengerAutoLogger>.. <WindowHandler MinReportLevel="0" MaxNumberOfLines="1000" WindowHeight="600" WindowW
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1802
                                                                                                                                                                                                              Entropy (8bit):4.959307221582724
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:pjxZR4Kh1KlSWOjMjMI4Jr59Gk8SB2hHzBOiUQhpZAgj:7aA5wk8SoHzBOiUQhp6gj
                                                                                                                                                                                                              MD5:82911B83E6266C597230503F1B00AA73
                                                                                                                                                                                                              SHA1:49860EC23DE7555A9A5FC073DB423B02799CE7FC
                                                                                                                                                                                                              SHA-256:061E982CEDBA8DB7000DFF75B576D509F7FA9558CDEDE8648DE2C08E89584C8C
                                                                                                                                                                                                              SHA-512:167430B7B9771B0419EB037DFD78B44F037C490CAC156E87187A16C059F1E1ACD738383C729923C966D83F5FEAEB92954351C714CCC81E56834150261E4DF4BA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<Main>...<GeneralMessages>.. <M1000 Text="Error #12: Please exit the messenger and re-enter. If the problem still exists, contact SweetIM: support@sweetim.com"/>.. <M1001 Text="Error #13: Please exit the messenger and re-enter. If the problem still exists, contact SweetIM: support@sweetim.com"/>.. <M1003 Text="Play: (\@LB%s\@LE[%d,%d,%d])"/>.. <M1004 Text="Play Nudge: (\@LB%s\@LE[%d,%d,%d])"/>.. <M1005 Text="You cannot use shortcuts for emoticons in this chat, since your buddy doesn't have SweetIM."/>.. <M1006 Text="Error #11: Please exit the messenger and re-enter. If the problem still exists, contact SweetIM: support@sweetim.com"/>.. <M1007 Text="Get the newest version of SweetIM -- www.sweetim.com "/>.. <M1008 Text="You must upgrade to the newest version of SweetIM -- www.sweetim.com "/>.. <M1009 Text="You have invited %s to play %s. Please wait for a response or \@LBCancel\@LE[%d,%d,%d] invitation."/>.. <M1010 Te
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1206
                                                                                                                                                                                                              Entropy (8bit):5.178687684033766
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:2dVzuqi0VOCwMt4w/sgmNtaesut/tORPIs00WCsySr+:cVqcECwg4wEgmNtae/eT0i
                                                                                                                                                                                                              MD5:C3CF094F86C5EB6BC5F592AC735549A7
                                                                                                                                                                                                              SHA1:3D8E4B2F181730C53EFE985462584A44123D5CC5
                                                                                                                                                                                                              SHA-256:98D43D8D8379A925C791B0B30DBA997C1A89E2ECA8D02BE40FAA231C10EE0AC0
                                                                                                                                                                                                              SHA-512:664A750DED7EDD56288F1B0ACE495C941E3F6629496CFC9669E2DE8B6E5F4F0A1B066F4E7C3911FA12AB2A7C82B956573C70611EF266A041809F1068CF031CB7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->....<Main>.. <Chat>.. <Menu Width="346" Height="220"/>.. </Chat>.. <ConfigFiles.. MessagingConfigFilePath="$data_dir\conf\messages.xml" .. UserConfigPath="$data_dir\conf\users\"....MainUserConfigFile="main_user_config.xml"....AllUsersConfigPath="$data_dir\conf\users\AllUsers\"....PackagesConfigPath="$data_dir\conf\contentpackages.xml"/>.. <Content>.. <Database .. CacheDirectory="$data_dir\data\contentdb\" .. CacheIndex="cache_indx.dat"/>.. </Content>.. <Resources>.. GDIPlus Path="$install_dir\gdiplus.dll"/-->.. <Images Path="$install_dir\resources\images\"/>.. </Resources>...<Dispatcher>....<Communication .....ServerAddress="app.sweetim.com" .....ServerPort="80" .....SIMVD="sweetim/dispatcher".....HTTPTimeOutSec="120".....AttemptConnect="false".....PingIntervalSec="15".....PingCount="3".....Sleep
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):214
                                                                                                                                                                                                              Entropy (8bit):4.87921790023908
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:vFWWMNHU8LdgCIIUROELA/dFSzLrR4j3UbIh1IqGwpOnUYIP9MM3NFmEqGwp69y:TMVBdoIUojlF6XqDUbY1ISMnU/l1nzSX
                                                                                                                                                                                                              MD5:B7754D9BDCE3C62E0B9E8E1774106875
                                                                                                                                                                                                              SHA1:C8D7B4DD4A696D0111B5DBF2D3D442A7139BF179
                                                                                                                                                                                                              SHA-256:D356149A0AD5322F4597CC1E97B840402D41ECF3F25C05AACD985C438126FC5E
                                                                                                                                                                                                              SHA-512:C8356C68545AE0368E342CC425583FAD706181954F2285138E829CF5C0A50D196BA53FB57D361DBD594D3E23125D0BF59942D8EC948329865BB22BFD363D0666
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->....<Main>.. <AutomaticUpdate>.. <Manager AgentKeepAliveSec="900"/>.. </AutomaticUpdate>..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):594
                                                                                                                                                                                                              Entropy (8bit):5.030453485747072
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMHdoIzuqDUbJNB2J/23nzvi/gGOHgiWqJGr6qQOweq2liWq/KliWqnL+:2dVzuqit2keAWqVq/wgEWAKEWcL+
                                                                                                                                                                                                              MD5:F2FE00F312CA046FD886C726A61C8964
                                                                                                                                                                                                              SHA1:F8FD9C0A8135A24E038FC6736A804F62D5E850E6
                                                                                                                                                                                                              SHA-256:DAFBD5750994583D2F879AD5E1A9AD1B6334ED9EED3318E46A74F6D21245A600
                                                                                                                                                                                                              SHA-512:B51BD49B75D0ACDA0A304A206687373DBF7058C87E2886E891201F91185740CB26B085C01A431854418B96255D888687728DD5961A9EA7D19282AC6E27E6D0E3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>.... ..@version: ....explain usage..-->..<Main>.. <Configuration version="1.0">.. <UserConfigFiles EmoticonsShortCut="emoticons_shortcut.xml" UserConfig="user_config.xml" ContentUpdateNotification="content_update_notification.xml"/>.. </Configuration>.. <MSNTAB Active="1" ImageURL="http://content.sweetim.com/msntab/images/msntablogo.png" Name="SweetIM" ToolTip="SweetIM" ContentURL="http://content.sweetim.com/msntab/t.asp" HitURL="http://content.sweetim.com/msntab/images/hit.gif" />..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1321
                                                                                                                                                                                                              Entropy (8bit):5.293105930708076
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:gi0gAwfuCsAyvUZsC/4PVxMMN7e5yrFMULG9zA5ki0exFMNiNVML5:gNg9yvUZsC/4tVN7eYr+UyikNex+NtL5
                                                                                                                                                                                                              MD5:F46B534329D6FD6DA8DF4007B73EB152
                                                                                                                                                                                                              SHA1:308FC8EC1C74C9CC7E3D8DDCB23B69BE8209ABF4
                                                                                                                                                                                                              SHA-256:DEE64F34FBD1CD62D103E60BC7904586293DCA648AC694534C15C3E01DBD350E
                                                                                                                                                                                                              SHA-512:3159B0431676464D783D68CD3879D439082BB2FDFA24B26929844B7C527D44B2CB4D938064E70B89B37FB48FD51B121A4449ED1591CD720A02DC24E316B17D45
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<html>..<head>.....<script type="text/javascript">... ...function window_onload() {....return true;...}.. ...function imbar_DoFSCommand(command, args) {....if(command == "link_cmd") {.....OpenExternalURL(args);....}.....else {......window.external.Flash_FSCommand(command , args);....}...}......function SweetIMVerification(args){....if(args=="SweetIM") {.....return 1;....}....else {.....return 0;....}...}......function SweetIMSetVersion(version){....return 1;...}......function MSNMessengerSetVersion(version) {....return 1;...}.....function IMSetVersion(version){....return 1;...}.....function OpenExternalURL(url) {....if(url != null) {.....if(window.external.IE_NewWinEnable("", "") == 1){.......window.open(url);......}....}...}...-->...</script>...<script language="VBScript">...On Error Resume Next...Sub imbar_FSCommand(ByVal command, ByVal args)....call imbar_DoFSCommand(command, args)...end sub...</script>.....</head>..<body bgcolor="#eef3fa" style="margin:0px" scroll="no" langua
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):658
                                                                                                                                                                                                              Entropy (8bit):5.308390075339653
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:FkY6SGSfKZeENb3Z63iJKyh0eI+cKePweK9e6ojcRp:/Uhtf1hrImp
                                                                                                                                                                                                              MD5:6BFA07FCC2ECB46B7452E4A08BA43048
                                                                                                                                                                                                              SHA1:D806CD0C04B277AEA705E5048612600DBE6D3097
                                                                                                                                                                                                              SHA-256:51C8FCC7DFEDBFB2B683D9A477AB1A2F9028ED252E05D485D600BBE3601541C5
                                                                                                                                                                                                              SHA-512:6BBCDBF9D533371F89D4E8473C4C5CCDACAD94CBDD931B1A13AE3D4FC194C7A28C3637EE8F45936F9EA066C411A9E53DFFC03BCDD22F5EBA9EFA0ACCB8061235
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" ');..document.write('codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" ');..document.write('width="100%" ');..document.write('height="100%" ');..document.write('id="imbar" ');..document.write('align="top">');..document.write('<param name="allowScriptAccess" value="sameDomain" />');..document.write('<param name="movie" value="' + _fl + '?BAROffsetX=' + _offsetX + '" />');..document.write('<param name="quality" value="high" />');..document.write('<param name="bgcolor" value="' + _bgColor + '" />');..document.write('</object>');..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Macromedia Flash data (compressed), version 8
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):53874
                                                                                                                                                                                                              Entropy (8bit):7.9959082761869
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:768:Mhsbz1/08uuoH5mOxUJpki3XjqqPqCpcmWygwxsOS80EBBpV3GFW+niZPTuDaS17:wstMTuolYpkIXjzTO80EBBPGFQZaR
                                                                                                                                                                                                              MD5:4A5648990EB842621BB5EC6103FCFAB9
                                                                                                                                                                                                              SHA1:9F6CE2C7F9B23E49ACA8E8640299367462F0A556
                                                                                                                                                                                                              SHA-256:4166F5D44351BEF154DAA41D9192CCEF1869B4E83C5710392FE3AA1E890B240B
                                                                                                                                                                                                              SHA-512:D4F21FED7574DD055357EBD6BD352146EEF4EA41A475654D793F3BD4CA6627373ADFC1C9D94ED90968238CA92BA424A1FE421BDF19E8558966177496BA8BABCF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1321
                                                                                                                                                                                                              Entropy (8bit):5.293105930708076
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:gi0gAwfuCsAyvUZsC/4PVxMMN7e5yrFMULG9zA5ki0exFMNiNVML5:gNg9yvUZsC/4tVN7eYr+UyikNex+NtL5
                                                                                                                                                                                                              MD5:F46B534329D6FD6DA8DF4007B73EB152
                                                                                                                                                                                                              SHA1:308FC8EC1C74C9CC7E3D8DDCB23B69BE8209ABF4
                                                                                                                                                                                                              SHA-256:DEE64F34FBD1CD62D103E60BC7904586293DCA648AC694534C15C3E01DBD350E
                                                                                                                                                                                                              SHA-512:3159B0431676464D783D68CD3879D439082BB2FDFA24B26929844B7C527D44B2CB4D938064E70B89B37FB48FD51B121A4449ED1591CD720A02DC24E316B17D45
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<html>..<head>.....<script type="text/javascript">... ...function window_onload() {....return true;...}.. ...function imbar_DoFSCommand(command, args) {....if(command == "link_cmd") {.....OpenExternalURL(args);....}.....else {......window.external.Flash_FSCommand(command , args);....}...}......function SweetIMVerification(args){....if(args=="SweetIM") {.....return 1;....}....else {.....return 0;....}...}......function SweetIMSetVersion(version){....return 1;...}......function MSNMessengerSetVersion(version) {....return 1;...}.....function IMSetVersion(version){....return 1;...}.....function OpenExternalURL(url) {....if(url != null) {.....if(window.external.IE_NewWinEnable("", "") == 1){.......window.open(url);......}....}...}...-->...</script>...<script language="VBScript">...On Error Resume Next...Sub imbar_FSCommand(ByVal command, ByVal args)....call imbar_DoFSCommand(command, args)...end sub...</script>.....</head>..<body bgcolor="#eef3fa" style="margin:0px" scroll="no" langua
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Macromedia Flash data (compressed), version 8
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):53673
                                                                                                                                                                                                              Entropy (8bit):7.995428299378701
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:1536:AGnEE3lFGqTbwerl30peikaEd8raqt4MbiJU66TjNsAv:AGlDtTprV0pei/cMgKjNsK
                                                                                                                                                                                                              MD5:83F8E5A29FB110CA0579DE9AB53B8DEC
                                                                                                                                                                                                              SHA1:0F96C316DCEA9CFC5B120CF96E079F8F0632F94E
                                                                                                                                                                                                              SHA-256:E1099174DD3B60140FEFC201B202125FA9ABAE1727B90C7B5EC30CFC105921D5
                                                                                                                                                                                                              SHA-512:CB0426A3E35268727BFADE2FFA7E829CC3AE37E1A471D556078AFB28EF359CB0A3D805133C74451091293BD175D273BB10F56212C227E4EBC3EDE28F29E6D9A9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17
                                                                                                                                                                                                              Entropy (8bit):3.146286370662105
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:DML69y:4
                                                                                                                                                                                                              MD5:C3DAF1B5C21294F22A37417A2D7FC927
                                                                                                                                                                                                              SHA1:80EF4C2FF09137B25D655E2989475A7F88375E33
                                                                                                                                                                                                              SHA-256:CE399EE42336381D151F94FBFF7126FE6DEBC5956EE6D581B24E55EFDF7E1392
                                                                                                                                                                                                              SHA-512:9D2DB1E2CDE4FC8060F40AF1343424CD07B33569127A132926F7E3EAD33F470D4043E4F245A09DC4B08C4BA318959FED962A4B4854198E1B60F87C5665895836
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<Main>..</Main>..
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3316
                                                                                                                                                                                                              Entropy (8bit):4.829458731107662
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:RmMq1YRx/11co2kMukbw1f5HErHlkeJ5E8QcxMGj6IJDHz:pIY3d1co2kMukkFRuFkIE8QEfjbf
                                                                                                                                                                                                              MD5:55AF945CC675BC60A80C9F04F8762E24
                                                                                                                                                                                                              SHA1:8D4047C5738CC6B4E500350EDE101C19178044BC
                                                                                                                                                                                                              SHA-256:03CE1564461146FB06FAB2CBA25ECEA7108284D66BBFD618D3597D854FE98D47
                                                                                                                                                                                                              SHA-512:9BAC191C8CF75DCABD2AAF2B0B66E251B04FCA2B5823B7A86FABC9489FDA7B2FD92AE0DAFB4A9A9B2E34679C5C79069644AB5FF4F3C656A237BC21A2A23F872C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head> .... <script type="text/javascript">... ...//ondocument loaded...function SweetIMVerification(args){....if(args=="SweetIM") {........return 1;.......}....else {.. .....return 0;.....}...}......function SweetIMSetVersion(version){....return 1;...}......function IMSetVersion(version){....return 1;...}.....function SIM_DocumentComplete() {....SetDialogSize();...}.....function SIM_DocumentUnload() {.......}.....function window_onload() {....return true;...} .. ...function getQueryParam(paramName) {....var result = null;...try {...var qs = window.location.search;...if(qs.charAt(0) == "?") {....qs = qs.substr(1);...}...var pairs = qs.split("&");...var param;...if(pairs) {....for(var i = 0, count = pairs.length; i < count; i++) {.....param = pairs[i].split("=");.....if(param && param[0] == paramName) {
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:GIF image data, version 89a, 38 x 38
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):908
                                                                                                                                                                                                              Entropy (8bit):7.625698581546624
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:9lCw2vKPvjkQxzSo3agsU0XfQd6t/VQSLguSA8jyx:iwwKP3hSo3agafAPLyx
                                                                                                                                                                                                              MD5:C17A25AA54FFE590CC641393863AF1C9
                                                                                                                                                                                                              SHA1:122CDAD63E0D6557B989BBCDCA9C869EE7A7A243
                                                                                                                                                                                                              SHA-256:F7BA5F88D66827A1F16903E1BD0BF672166B5C3BA5F4BEA7657FAAD17F0F6BD9
                                                                                                                                                                                                              SHA-512:66839CA9FC0FEE9BA737DC0E96DB3F3A83D533F62611063C879C2277EDA3C9C105DDC69C2A06A60EEFA98C47562853741EB002C330CAA373D3E7780EE7BF51FB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2010:10:19 11:17:13], baseline, precision 8, 548x426, components 3
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):72670
                                                                                                                                                                                                              Entropy (8bit):7.8400818396253635
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:xXJtXR6zVgTMx9x34rGWiJRTDVY35S4ZO8613YSZ5K:xX3XQzVgsX3yGWEm35ScO3YMK
                                                                                                                                                                                                              MD5:A914E1126A5132E8965C5B5B7EBB47AB
                                                                                                                                                                                                              SHA1:7172B4284BF10739631D9356C6C8F72FB9818F50
                                                                                                                                                                                                              SHA-256:0F053089CCC6934D0DFD8BF8B72B6E126920531636069E9D627FB50A302CD024
                                                                                                                                                                                                              SHA-512:AA78CDE9B58153D468875CFF129BC23F77DBE118AD4E161D84729F8F429AE88F4CF798E938203CF3D54C7E3E140CF3912714F8D6EBCCF1D80615FFB5140ED3FB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3003)
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11053
                                                                                                                                                                                                              Entropy (8bit):5.327513941705984
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:yq0F3AltzdbuJwAKxRQ+V+F5lnfmIWd0KZq9ZtZCEXqT0/CZE9:yFFQrBasxZGHnOIWdVetZpXqT0/C0
                                                                                                                                                                                                              MD5:EB82867BAF0AE3C289F2E167697A921D
                                                                                                                                                                                                              SHA1:479B30676CDB0B5667ABCE5ED21F13EF2450352F
                                                                                                                                                                                                              SHA-256:BDA3E1DB8953CBF66FF95D6247581FA2DB8EA01A19D6AC700EF8196FE6D80277
                                                                                                                                                                                                              SHA-512:B20594547791B6AA751C305550638A1AAB959CDEFFB10D0119E21F509A9DE2233A6B9E79B0CD1A5B04286BD5EE10C1BFC2E6C6A3A6D4F967FBC294D7AC0B0493
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:{. "NewTabPage":{"PrevNavigationTime":"13340886961014896"},. "account_tracker_service_last_update":"13340807398438930",. "alternate_error_pages":{"backup":true},. "announcement_notification_service_first_run_time":"13340807398295099",. "apps":{"shortcuts_arch":"","shortcuts_version":0},. "autocomplete":{"retention_policy_last_version":117},. "browser":{"has_seen_welcome_page":false,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},. "commerce_daily_metrics_last_update_time":"13340807423268579",. "countryid_at_install":17224,. "default_apps_install_state":3,. "dips_timer_last_update":"13340886830181789",. "domain_diversity":{"last_reporting_timestamp":"13340881757303313"},. "download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3003)
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11053
                                                                                                                                                                                                              Entropy (8bit):5.327513941705984
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:yq0F3AltzdbuJwAKxRQ+V+F5lnfmIWd0KZq9ZtZCEXqT0/CZE9:yFFQrBasxZGHnOIWdVetZpXqT0/C0
                                                                                                                                                                                                              MD5:EB82867BAF0AE3C289F2E167697A921D
                                                                                                                                                                                                              SHA1:479B30676CDB0B5667ABCE5ED21F13EF2450352F
                                                                                                                                                                                                              SHA-256:BDA3E1DB8953CBF66FF95D6247581FA2DB8EA01A19D6AC700EF8196FE6D80277
                                                                                                                                                                                                              SHA-512:B20594547791B6AA751C305550638A1AAB959CDEFFB10D0119E21F509A9DE2233A6B9E79B0CD1A5B04286BD5EE10C1BFC2E6C6A3A6D4F967FBC294D7AC0B0493
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{. "NewTabPage":{"PrevNavigationTime":"13340886961014896"},. "account_tracker_service_last_update":"13340807398438930",. "alternate_error_pages":{"backup":true},. "announcement_notification_service_first_run_time":"13340807398295099",. "apps":{"shortcuts_arch":"","shortcuts_version":0},. "autocomplete":{"retention_policy_last_version":117},. "browser":{"has_seen_welcome_page":false,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},. "commerce_daily_metrics_last_update_time":"13340807423268579",. "countryid_at_install":17224,. "default_apps_install_state":3,. "dips_timer_last_update":"13340886830181789",. "domain_diversity":{"last_reporting_timestamp":"13340881757303313"},. "download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3003)
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11053
                                                                                                                                                                                                              Entropy (8bit):5.327513941705984
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:yq0F3AltzdbuJwAKxRQ+V+F5lnfmIWd0KZq9ZtZCEXqT0/CZE9:yFFQrBasxZGHnOIWdVetZpXqT0/C0
                                                                                                                                                                                                              MD5:EB82867BAF0AE3C289F2E167697A921D
                                                                                                                                                                                                              SHA1:479B30676CDB0B5667ABCE5ED21F13EF2450352F
                                                                                                                                                                                                              SHA-256:BDA3E1DB8953CBF66FF95D6247581FA2DB8EA01A19D6AC700EF8196FE6D80277
                                                                                                                                                                                                              SHA-512:B20594547791B6AA751C305550638A1AAB959CDEFFB10D0119E21F509A9DE2233A6B9E79B0CD1A5B04286BD5EE10C1BFC2E6C6A3A6D4F967FBC294D7AC0B0493
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:{. "NewTabPage":{"PrevNavigationTime":"13340886961014896"},. "account_tracker_service_last_update":"13340807398438930",. "alternate_error_pages":{"backup":true},. "announcement_notification_service_first_run_time":"13340807398295099",. "apps":{"shortcuts_arch":"","shortcuts_version":0},. "autocomplete":{"retention_policy_last_version":117},. "browser":{"has_seen_welcome_page":false,"should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},. "commerce_daily_metrics_last_update_time":"13340807423268579",. "countryid_at_install":17224,. "default_apps_install_state":3,. "dips_timer_last_update":"13340886830181789",. "domain_diversity":{"last_reporting_timestamp":"13340881757303313"},. "download":{"directory_upgrade":true,"always_open_pdf_externally":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):167
                                                                                                                                                                                                              Entropy (8bit):4.459637879457414
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLmEUjA/CqwcWWGu:q43tISl6kXiMIWSU6XlI5KktpfGu
                                                                                                                                                                                                              MD5:F5D40B7259645010F9A248858AD14178
                                                                                                                                                                                                              SHA1:B3051D17A6EC8C9E166BF09A62B48261AB86957B
                                                                                                                                                                                                              SHA-256:7F5007068D2B56EA9735E2490D60CFF2E72CAE312024AC1F6C91158EBA47D05D
                                                                                                                                                                                                              SHA-512:1E82BC2D067F726670B3E6054D73E57868F6E7C50EB979696BF927DAEEF699F2D8F8DE201E8252B86B0E9F86DC69E5037FC9FA08EF6C271B033F29D4F0F4C1AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>CloudFront</center>..</body>..</html>..
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):167
                                                                                                                                                                                                              Entropy (8bit):4.459637879457414
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLmEUjA/CqwcWWGu:q43tISl6kXiMIWSU6XlI5KktpfGu
                                                                                                                                                                                                              MD5:F5D40B7259645010F9A248858AD14178
                                                                                                                                                                                                              SHA1:B3051D17A6EC8C9E166BF09A62B48261AB86957B
                                                                                                                                                                                                              SHA-256:7F5007068D2B56EA9735E2490D60CFF2E72CAE312024AC1F6C91158EBA47D05D
                                                                                                                                                                                                              SHA-512:1E82BC2D067F726670B3E6054D73E57868F6E7C50EB979696BF927DAEEF699F2D8F8DE201E8252B86B0E9F86DC69E5037FC9FA08EF6C271B033F29D4F0F4C1AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>CloudFront</center>..</body>..</html>..
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3935664
                                                                                                                                                                                                              Entropy (8bit):7.869671937471047
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:R1BGPcIfEmnydhSldFORddm2ibra9AMYzXtE0wX:R1BixjyzqHKHqbm9mX20wX
                                                                                                                                                                                                              MD5:CED6A16415E6AE2243ACC2B776B9D965
                                                                                                                                                                                                              SHA1:1C2AFF84C79F3A6163F745B018AE700F07DD685F
                                                                                                                                                                                                              SHA-256:879D67E7E8C34DA226B13B91FDF3BC7C36C53C8A9937E97BCEFD68E35C15AF57
                                                                                                                                                                                                              SHA-512:4D1CD0CED181675CE2BD5693EB67EDF30DC01A81252CF7ED3A398B0E9D6359FB1DA271708C79D5B620C510B111BF55B30EE63CF7B264E8EB1606444A6959B041
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3410880
                                                                                                                                                                                                              Entropy (8bit):7.852929734038305
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:E1BGP55KeGzIK08BR+0h0lBI+0W0AUrPm+JL2NP16wjz9XPfI:E1Bi55KeGIKpBXhIBuh++nwjpfw
                                                                                                                                                                                                              MD5:4E3FCE1D8BE37088E4E40B829DA24091
                                                                                                                                                                                                              SHA1:59FC7C3F2DEDEBE3CFFD4AEAAFED3063273CA35B
                                                                                                                                                                                                              SHA-256:08884773C4C606741771205FAFDC74BEEC1A3D18F8019968689954728176326C
                                                                                                                                                                                                              SHA-512:15AAEEEB929E698A894FFF643D20BB24DABB0332C6520A04B569F102D841FFDBAD934315AD35A911ECFECEE5619D1C1F601EB1EE7A6EA6FAB328CACDAD4514A6
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):542036
                                                                                                                                                                                                              Entropy (8bit):6.56751373563397
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:Jaxeh07OAImJjRrJQ6XEaEubw1BhkqKLc7GM4StJ1mGB5tnmZS9rXOYqgi3nm4BL:JyJ1ua1bw1gqKLc6etJ1m0pXLqJ7V/T
                                                                                                                                                                                                              MD5:B637C198FA977E3FB44BE8B6563FA57D
                                                                                                                                                                                                              SHA1:07FE04B3990EF759551AC4FE5996EA1C7B9B122F
                                                                                                                                                                                                              SHA-256:91F1216D6CD6A0355A6D3B314366993FA531A285D91A6C1E14BF8505B0C7FA1A
                                                                                                                                                                                                              SHA-512:5CFF6DC1BC3FE3FC376A8028339C130F8317D6DA12962F57612925A95E7E4C0BB10022F3FE68DDC63BD5D8BC6A88D5A2B6763746144F23FC09D78FA9A2181CF3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:Macromedia Flash data (compressed), version 9
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):45328
                                                                                                                                                                                                              Entropy (8bit):7.993429163936794
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:768:i8qetPOl0k7K21COqKuiH6AFyFR7OikC1kr0C3SW+c4eUahZ9mHg2:iGkjK21C/KdaAFyvOb063UaJmHN
                                                                                                                                                                                                              MD5:082CEE2F16A62D4642711F1EEA0BDF76
                                                                                                                                                                                                              SHA1:D82B1B952F378B9B022D7071C44B2433CA045AB3
                                                                                                                                                                                                              SHA-256:353BF8B47EB53F4D9733F0503A7E44B58BB9B7943AE7B9F8F0FBB2D71C95DF75
                                                                                                                                                                                                              SHA-512:A8856AFCE96DFE5C4EB1833504FF51F0007FD554DF53D6E79168634E7EB986AC9E449D348DEEF641F3AD0D5AA9532022389CE41068AC7A08D4375E5618D7A996
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3410880
                                                                                                                                                                                                              Entropy (8bit):7.852929734038305
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:E1BGP55KeGzIK08BR+0h0lBI+0W0AUrPm+JL2NP16wjz9XPfI:E1Bi55KeGIKpBXhIBuh++nwjpfw
                                                                                                                                                                                                              MD5:4E3FCE1D8BE37088E4E40B829DA24091
                                                                                                                                                                                                              SHA1:59FC7C3F2DEDEBE3CFFD4AEAAFED3063273CA35B
                                                                                                                                                                                                              SHA-256:08884773C4C606741771205FAFDC74BEEC1A3D18F8019968689954728176326C
                                                                                                                                                                                                              SHA-512:15AAEEEB929E698A894FFF643D20BB24DABB0332C6520A04B569F102D841FFDBAD934315AD35A911ECFECEE5619D1C1F601EB1EE7A6EA6FAB328CACDAD4514A6
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3935664
                                                                                                                                                                                                              Entropy (8bit):7.869671937471047
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:R1BGPcIfEmnydhSldFORddm2ibra9AMYzXtE0wX:R1BixjyzqHKHqbm9mX20wX
                                                                                                                                                                                                              MD5:CED6A16415E6AE2243ACC2B776B9D965
                                                                                                                                                                                                              SHA1:1C2AFF84C79F3A6163F745B018AE700F07DD685F
                                                                                                                                                                                                              SHA-256:879D67E7E8C34DA226B13B91FDF3BC7C36C53C8A9937E97BCEFD68E35C15AF57
                                                                                                                                                                                                              SHA-512:4D1CD0CED181675CE2BD5693EB67EDF30DC01A81252CF7ED3A398B0E9D6359FB1DA271708C79D5B620C510B111BF55B30EE63CF7B264E8EB1606444A6959B041
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13547
                                                                                                                                                                                                              Entropy (8bit):5.600589013116383
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9ycDu2ADT0g95uCs/GJVzbix/urF8g1YDLbax6kTTLSh:93C2A30g95js/GJFk2N1YDLb+l+
                                                                                                                                                                                                              MD5:810FA593D44397BD13FEB001B684EAE2
                                                                                                                                                                                                              SHA1:8223EFAA0D30A289A20B864CA1FC622852AB8201
                                                                                                                                                                                                              SHA-256:35A08311303FA255B0A9793F438C1229FF9DF946E759D52646093727007DD82E
                                                                                                                                                                                                              SHA-512:42008E31A4370D4A94B3F6FA0CF985341EE9E12D850AD06EC7379B6A71814F094F76075894A486756A3BC0B21F4FD54B6710813CE0A8ABC2612CF2B0685107BE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Manifest-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT...Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: CNsMWcvyVJA/R2OJD6jx7A==.SHA1-Digest: CQFIbsAHoE930lqhuKYzr0G75EY=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: cM97qpn/6M3P29jecDGsCQ==.SHA1-Digest: HGRfWAVRf6I1fjqtqjZlUY7bcvs=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: IzUsJtYOU3KF6RykwlY6lA==.SHA1-Digest: XjsqnQzlqCFErToou6kmfniWJFE=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZK/MV+wuXVbLbSGv6ayLog==.SHA1-Digest: 0HFQT6/U9YtyFnqydQ3XPVRX/bM=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZX2m/MJXYRHfOXcj/QPKWQ==.SHA1-Digest: 7MjtzoexiMvSnp6aGpMF/6HcHGQ=..Name: chrome/sweetim-toolbar/content/config.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: p
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13655
                                                                                                                                                                                                              Entropy (8bit):5.6040651112820905
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:WkA5g0iCoVcI/jdhBJNmDm+lP/eBSjSesuBVyOK6+ZEb5Mw7T4+sKr8tTciJcoC9:P37LBJNmDfB/eBSjnsLKwzF8J2M1
                                                                                                                                                                                                              MD5:59EC97C3D819001C0A897B38A7624473
                                                                                                                                                                                                              SHA1:D535037A3EC3601C7307EADFCD0AFE52747FB830
                                                                                                                                                                                                              SHA-256:13D9271BA7EBBE28508A4EBFCD6775BC1DD3459C5A9D4D8C1CF7F79E7323DDA8
                                                                                                                                                                                                              SHA-512:21A80FDA8D9F3B8EF957F94B7F4F429CD8D37637490DFB3D1C4E941D3F9DE59835162D7DE7C992C1B57B3AB0064655AA19E44AA93D30C3308413D87BBD03E1BA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Signature-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT..Digest-Algorithms: MD5 SHA1.MD5-Digest: f2XP9lsoHe04PBOvuFXL5g==.SHA1-Digest: 8RHZ0uUrxScBNJtHgI/t7stA9yA=..Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: w8i3Rt3DxPL6b05cKNpsPw==.SHA1-Digest: 3odNPduNL9VoljP4mprIcpgF4zc=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: 2YvLgsIg6k332XHkG6KEFA==.SHA1-Digest: ZvTVKYjibgcpdMsLQbe+A93OY1M=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: 1pyJGkn2pnE1+gMPhWrmww==.SHA1-Digest: 1uXwwQEdM+fCinL2psHcZId2oMc=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: lOla/YC5L6pzcewNgLywJw==.SHA1-Digest: vPI+B5kuDtUVY4PRGNE0z84Fnl0=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: AK1Es9lxyQoNYOJwLNf3SA==.SHA1-Digest: RUAGcms4e0
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                              Entropy (8bit):4.884991274360526
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:4yp61ZTeXK17sZSaK1vZW29F1211e71KwobrZ19M91Z+1WEA61nlHKgs0KIk1kv9:47uXKRVlFYq5c1bQCIaPKgsBI191IIv
                                                                                                                                                                                                              MD5:BE04EC8D2EC3BAE591464CD1B717CA38
                                                                                                                                                                                                              SHA1:91920930B8512885B18B76B94DFE74401B95D299
                                                                                                                                                                                                              SHA-256:011A1E4C9C00DE7D49EF66FFF9A0F28AB3BFEDA738CCCE95A046B6B0B6255FA8
                                                                                                                                                                                                              SHA-512:7B026AE4564DAEFB3AEA64351ADF9AA23FAD571DFA4B08AA1700BBE20DA586D33F170B8CB29609F10D07B3828B47F5F0D443300C2501EBA58E9C2A328976BEA2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:content sweetim-toolbar chrome/sweetim-toolbar/content/..locale sweetim-toolbar de-DE chrome/sweetim-toolbar/locale/de-DE/..locale sweetim-toolbar en-US chrome/sweetim-toolbar/locale/en-US/..locale sweetim-toolbar es-ES chrome/sweetim-toolbar/locale/es-ES/..locale sweetim-toolbar fr-FR chrome/sweetim-toolbar/locale/fr-FR/..locale sweetim-toolbar it-IT chrome/sweetim-toolbar/locale/it-IT/..locale sweetim-toolbar nl-NL chrome/sweetim-toolbar/locale/nl-NL/..overlay chrome://browser/content/browser.xul chrome://sweetim-toolbar/content/sweetim-toolbar.xul..skin sweetim-toolbar classic/1.0 chrome/sweetim-toolbar/skin/....# from gecko 2 (FF 4), we need to explicitly register components..# auto complete component:..component {EEE6C362-6118-11DC-9C72-001320C79847} components/SIMAutoCompleteSearch.js..contract @mozilla.org/autocomplete/search;1?name=sweetim-autocomplete {EEE6C362-6118-11DC-9C72-001320C79847}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4131
                                                                                                                                                                                                              Entropy (8bit):4.625588950617717
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:742dJHodJ1k18XJxrWQMJzfZJTnJs4Gocs/vT8udODZiQrOQJy5JCZnRkg6ARkAp:z8hu8LCC4Gob78BBCg9ChK
                                                                                                                                                                                                              MD5:08DB0C59CBF254903F4763890FA8F1EC
                                                                                                                                                                                                              SHA1:0901486EC007A04F77D25AA1B8A633AF41BBE446
                                                                                                                                                                                                              SHA-256:7A84952782D85681375BF0EEF6E0861B81DAF6AC6230E86082E49BC6FB49B2F8
                                                                                                                                                                                                              SHA-512:D738192F28BE485E860CA632D60BC92D0C07D881AA0AE5F39E986F60D8870B0B6D62612A0A27D464BB1E5A2B3A5930F13EBBEE6B1E37DD71887833F190E975AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// "AddonListener" was introduced in Gecko 2 (FF4)....var g_sim_AddonListener = {.. onEnabling: function (addon, needsRestart) {.. //dump("\n XXX onEnabling \n");.. },.. onEnabled: function (addon) {.. //dump("\n XXX onEnabled \n");.. },.. onDisabling: function (addon, needsRestart) {.. //dump("\n XXX onDisabling \n");.. },.. onDisabled: function (addon) {.. //dump("\n XXX onDisabled \n");.. },.. onInstalling: function (addon, needsRestart) {.. //dump("\n XXX onInstalling \n");.. },.. onInstalled: function (addon) {.. //dump("\n XXX onInstalled \n");.. },.. onUninstalling: function (addon, needsRestart) {.. //dump("\n XXX onUninstalling \n");.. try {.. logEnter();.. if (addon.id == g_SWEETIM_EXTENSION_UUID) {.. sim_g_SIMUninstallData = simOnUninstallConfirmedByUser();.... // since we cant receive "onUninstalled" event, we continue the un-i
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3052
                                                                                                                                                                                                              Entropy (8bit):4.531395341231766
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:VUNczcsspPiyV1Db+mCOZODrZX05IcNY2Wa+l1A:nAB0OgDVAINN11A
                                                                                                                                                                                                              MD5:70CF7BAA99FFE8CDCFDBD8DE7031AC09
                                                                                                                                                                                                              SHA1:1C645F5805517FA2357E3AADAA3665518EDB72FB
                                                                                                                                                                                                              SHA-256:113EEF2B585C045A77C0253B0201FFBC970A4CAF3033D38627D45C90939378CE
                                                                                                                                                                                                              SHA-512:B613B1F8FEFCF0FC8AB6C02D00E0141D988EC5F95B05030CE5FF97E1C6C889AC48090AE3DAE8883551EBCB56110E828549C0B854EF2AAB8D6CFC81A2B546E1C7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// wrapper for addons manager data...// for FF4 and later we use "AddonManager.jsm" (introduced only on Gecko 2, FF4)..// for FF3 and before, we use "extensions/manager;1"......// globals, used for getting version in FF4..var sim_g_addon_version = null;..var sim_g_addon_name = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.... logEnter();.... if (sim_g_event != null) {.. // step 1.. // set global value.. sim_g_addon_version = addon.version;.. sim_g_addon_name = addon.name;.... // step 2.. // set evant.. sim_g_event.value = true;.. } else {.. logSevere("sim_g_event is null, we got here too late or too early");.. }.. } catch (e) {.. logSevere2(e);.. }..}....function SIMAddonDetails() {.. this._version = null;.. this._name = null;..}....// gets the addon details, in a way relevent to FF version,..// and puts result
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1519
                                                                                                                                                                                                              Entropy (8bit):4.410561293172547
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:8TX667LYXcAr/NHxq0+3GAQY7RR1tY2T6RtY86p9WRctqUyn:xJ7r/f5yLT6eCRcJyn
                                                                                                                                                                                                              MD5:23352C26D60E537285E91CA4C2563A94
                                                                                                                                                                                                              SHA1:5E3B2A9D0CE5A82144AD3A28BBA9267E78962451
                                                                                                                                                                                                              SHA-256:6BE86B7E71BEE837C855C48032E525677BA5071961D03FFD6D1676168A642142
                                                                                                                                                                                                              SHA-512:991CE985948A1CAEC21CB616F46138BD3A44D3EF08E02C34CA8EE5146BABDDAB62D37D4B873A8010D0B89599C431AC2810B6D6BA2BFEB7ADC8B443B6694DFC88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0"?>..<bindings id="SweetIMBindings".. xmlns="http://www.mozilla.org/xbl".. xmlns:html="http://www.w3.org/1999/xhtml".. xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul".. xmlns:xbl="http://www.mozilla.org/xbl">.... <binding id="sweetim-autocomplete-result-popup".. extends="chrome://global/content/bindings/autocomplete.xml#autocomplete-result-popup">.. .<implementation implements="nsIAutoCompletePopup">.....<property name="showCommentColumn".. onget="return this.mShowCommentColumn;">.. <setter>.. <![CDATA[.. var treecolValue = document.getElementById("treecolAutoCompleteValue");.. if (!val && this.mShowCommentColumn).. {.. treecolValue.setAttribute("flex", 1);.. this.removeColumn("treecolAutoCompleteComment");.. }.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13924
                                                                                                                                                                                                              Entropy (8bit):4.6059793934114515
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:iVftcobtdfWZDSH555lKQI8xkWaD5+BtidxccSqaF5hxtCGsRlVbF:iV15Jdb6+Bti31SqaF5vtC9lVbF
                                                                                                                                                                                                              MD5:64AFCC57EC2E5D56CB6D21AFE9AC8BA2
                                                                                                                                                                                                              SHA1:D071504FAFD4F58B72167AB2750DD73D5457FDB3
                                                                                                                                                                                                              SHA-256:F878C7FFAC03B2C60BA419E7F8D074AB9693D5C4CE6DC4C5B16B7077194279CA
                                                                                                                                                                                                              SHA-512:6C859A0EC91A688F1E07684F7EB9F20FAB7678B16DF7F2FC281C15BD3D47040C6FC2733F51C383128C8AC9C2C3085D7BC2B7ADDC8156054594FE8E9B386A8394
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simClearChevronMenu()..{.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. while (oMenu.firstChild).. {.. oMenu.removeChild(oMenu.firstChild);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simGetCountChevronMenu()..{.. var result = 0;.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. result = oMenu.childNodes.length;.. }.. catch(e).. {.. logSevere2(e);.. }.. return result;..}......// TODO move this functiosn to new "utils.js"..function simGetChildElementById(parent, id)..{.. for (var i=0; i<parent.childNodes.length; i++).. {.. if (parent.childNodes[i].id == id).. {.. return parent.childNodes[i];.. }.. }.. return null;..}......function simGetElemWidthForNotCollapsed(oElem)..{.. var width;.. .. if (oElem.hasAttribute('collapsed') && oElem.getAttribute('collapsed')).. {
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3720
                                                                                                                                                                                                              Entropy (8bit):4.732388643383319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:H8cFlhDSbeaUrYCp/zse1RLDvyjz985VH0UfkliWeVHV9xx2hMVNeVZENVvIsH:ccFlxSKaaDFm/98b6xeVtNbH
                                                                                                                                                                                                              MD5:657DA6FCC2576111DF397723FD03CA59
                                                                                                                                                                                                              SHA1:ECC8EDCE87B188CBD29E9E9A1A9305FFA1DC1C64
                                                                                                                                                                                                              SHA-256:93E512E98EFDE14499E6373115E2565ECAF4E26EF920BD039FEDC73768DEABD7
                                                                                                                                                                                                              SHA-512:BA284D75D27D520894BD8A3FB1728C3F198945738A8B3D759837CF2FEC7FAF24CD95653716DEC3E6FE309AE5040575B31CD97C67881C252D17DB988C475B1648
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// trying to be close to code in IE....function simParseAllVars(url)..{.. try.. {.. if (url.indexOf("%sim_search_combo")>=0).. {.. var searchTermsEncoded;.. searchTermsEncoded = simOnSearch();.. url = url.replace("%sim_search_combo", searchTermsEncoded);.. }.. if (url.indexOf("%domain")>=0).. {.. var domain = simGetSelectedTabHost();.. url = url.replace("%domain", domain);.. }.. if (url.indexOf("%toolbar_id")>=0).. {.. var appid = simGetConfigString("simapp_id");.. url = url.replace("%toolbar_id", appid);.. }.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return url;.. ..}....function simNavigateToURL(url)..{.. try.. {.. logEnter ();.. .. // parse vars.. url = simParseAllVars(url);.. .. // Set the browser window's location to the incoming URL.. window._content.docu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5896
                                                                                                                                                                                                              Entropy (8bit):4.541238924519937
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:XjE3geVhCa6rHUjwYOJY62Nod0qLdYNne4DLM5tYDUkeCalqN85q:zpeVhCa6rHU0YOJYv20jNeycegkZ9Uq
                                                                                                                                                                                                              MD5:A53978F00A102A62E01A3E43CB5EBDBE
                                                                                                                                                                                                              SHA1:E829F60DA3F8105C0D65F7EFE139C629468172C4
                                                                                                                                                                                                              SHA-256:C1B7491D50D19286166CD2511984736368315D4ABAE7C3B8E3836351543749A0
                                                                                                                                                                                                              SHA-512:9083FD8E4C4D8E4E9444EE1DCD99FFEFB9AD6E2DE6D5F68DE008DCEAE3CFFE510866B6E4C76AF17A04C51F8C15827225361C8F7916BECA40C8C5E243D4128268
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// local helper..function simGetPreferences()..{.. if (sim_g_iPreferences != null).. return sim_g_iPreferences;.. try .. {.. sim_g_iPreferences = kCC["@mozilla.org/preferences-service;1"].getService(kCI.nsIPrefService);.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return sim_g_iPreferences; ..}....// debug helper..function logBranch(branch)..{.. try .. {.. var count;.. var array = new Array();.. var obj = new Object();.. .. .. // see http://developer.mozilla.org/en/docs/nsIPrefBranch.. array = branch.getChildList("", obj);.. count = obj.value;.. .. for(var i=0; i<count; i++).. {.. logInfo("[item " +i+ " ]" + array[i]);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simDeleteBranch(name)..{.. var prefs;.. var branch;.. .. try.. {.. prefs = simGetPreferences();.. branch = prefs.getBran
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):16022
                                                                                                                                                                                                              Entropy (8bit):5.164579735638881
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:oJPA3ed6vyJNKMZEYZKK/bTE4tv/j95JM5JV7osxmS7TJLQwlKeMuuC2suizrf7:ePA3edmQNKMZEYZKK/bTE4tv/xMrVRm8
                                                                                                                                                                                                              MD5:2B4FD08FBBE235E21CB29060CE159459
                                                                                                                                                                                                              SHA1:B7FB723D552129FEEAAE7CCA46EDB18A54849C44
                                                                                                                                                                                                              SHA-256:148B0E27BC88BFB16BA9FA0B1963B5F3FB6FA14D4B971EDB3E85268386644B0B
                                                                                                                                                                                                              SHA-512:EC60097A623E9CEAE81AC0D819BABF4B48CFE277B7B6BD2B1625904AB897330DC31D67B850E77C2721159542B4F28EF5EE1DB5BB90144FE6F07D37E64014261E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:/*** Constants ***/..const SIM_BROWSERCOMP_MENU_ID = "id_browser_sim_content_menu";..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";....const BRW_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const BRW_NOTIFY_LOCATION = Components.interfaces.nsIWebProgress.NOTIFY_LOCATION;....const BRW_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const BRW_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;..const BRW_STATE_TRANSFERRING = Components.interfaces.nsIWebProgressListener.STATE_TRANSFERRING;..const BRW_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..../*** End Constants ***/..../*** Members ***/..var sim_mouseOut = true;..var sim_closeBubbleWindow = false;....//Listen to browser navigation, progress, netvork, security events..var sim_bubbleBrowserProgressListener = ..{...QueryInterface: function(aIID) {....var result = null;....if(aIID.equals(Components.interfaces.nsIWeb
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3711
                                                                                                                                                                                                              Entropy (8bit):4.586487379339707
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Vv7HHeL0tgDxRILL1BtH/N0kZp/V6bZ6+oCyhXHbgB1RulleK9s19j/h1OLXy:pIdE1BtZZSloL9sB1o/ZCj/rmXy
                                                                                                                                                                                                              MD5:089FBACD08F66ACB256605630CAEB58C
                                                                                                                                                                                                              SHA1:6A2156806CADD3144F4655F6D688DA27FE89EF73
                                                                                                                                                                                                              SHA-256:29C510DA7814E46549C31EAA84204B88CE3616343E1EC7535ED0EF2DF828A786
                                                                                                                                                                                                              SHA-512:CA32B03181E9D398B025F2E35BBCE0D64C2A086C1606EFAB97B1F6CDA4A4F29AA380403736A56F6F4DDBA778507F186BF579ACE3C148C510B43B40F663E5C34F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";..var sim_g_wndContentMenu = null;....function simPreventDefaultProcessing(event)..{...try...{....if (sim_g_wndContentMenu.simTargetWindow)....{.....event.preventDefault();.....event.stopPropagation();.....event.target.parentNode.open = false;....}...}...catch(e)...{....logSevere2(e);...}..}....function SIMPoint()..{.. this._x = 0;.. this._y = 0; ..}....function simComputeContentMenuLocation()..{.. var oPoint = null;.... // step 1.. // get button.. var oButton = simMyGetElementById(SIM_TOOLBAR_BUTTON_ID);.. if (oButton != null).. {.. // step 2.. // check if current tab is opened with addons manager.. var bAddonsManagerTab;.. bAddonsManagerTab = simIsCurrentTabOfAddonManager();.. if (bAddonsManagerTab){.. // !! we get here also for "empty" tab.. // we should hide the menu.. // this is done by caller, when he gets point as null.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8608
                                                                                                                                                                                                              Entropy (8bit):4.625604721501032
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:J8WDV0lxkzQMqZRCdvWyx5c+KQby7DwcsF8cm:T+4dY
                                                                                                                                                                                                              MD5:1F46872FF3A64F893C4E43C081D375C8
                                                                                                                                                                                                              SHA1:DC24DFE5A9FC509A78E57F0CB4516B646D98CD30
                                                                                                                                                                                                              SHA-256:BFF21988F70894E777229045F3B70D50659F084658CCC5424F534D175E2651E4
                                                                                                                                                                                                              SHA-512:79451B08E2695B19A6B09BB45AE291C5F3176FC582969498A946ADF6662D43A2A0380A87B3B3548BFB1E7471631F645C94C53ABBA766048CF74100B63003FB50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_COOKIE_NAME = "SIMAPPID";..const SIM_COOKIE_HOST = ".sweetim.com";......// In 1.9+ and later there is new param "httpOnly"..// to nsICookieManager2:add..function simGetIsGecko19OrLater()..{.. var isGecko19 = false;.. if (kCI.nsIXULAppInfo).. {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, "1.9") >= 0).. {.. isGecko19 = true;.. }.. }.. return isGecko19;..}....var sim_g_CookiesObserver = {....// members.._registered: false,....// method: observe..observe : function(subject, topic, data)..{.. try.. {.. if (topic == "cookie-changed").. {.. // see http://developer.mozilla.org/En/NsICookieService.. if(data == "cleared" || data == "deleted").. {.. var verify =
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                              Entropy (8bit):4.556954689157478
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:5YPwVFM/wVMMQq8EwK04sA1jFBAZFtJ5stxNYUXi5MIm4gz21icL:5YSFMCMMzZF04sSBqFtJ5stxN4Zm4gK/
                                                                                                                                                                                                              MD5:3A394379FE27CCBEE9FCACAD25A89624
                                                                                                                                                                                                              SHA1:9573282380AF9404FBE89F87E4A8AB2C8EA5A785
                                                                                                                                                                                                              SHA-256:8F87D2A1D2B63DCCED8AE3219A905A22129A5C9D05CCFE80123A1DFA8EAA4CC2
                                                                                                                                                                                                              SHA-512:7FD6A89AA8439F686222320E41F443CDD529662CC1B08D991BF41CC092C3971EDA0FA0B98E8AB6605F6F4D554A29694F061C05654435BA9590B5AE6BE6BD7D44
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:function getDomainNameFromURL(sURL) {.. sURL = sURL.replace("http://", "");.. sURL = sURL.replace("https://", "");.. var slash = sURL.indexOf("/");.. if (slash > 0) {.. sURL = sURL.substring(0, slash);.. }.. return sURL;..}....function getSecondLevelDomain(sURL) {.. var sDomain;.. var sSecondDomain = "";.. var arr;.. if (sURL != null) {.. sDomain = getDomainNameFromURL(sURL);.. arr = sDomain.split(".");.. if (arr.length > 2) {.. sSecondDomain = arr[1];.. }.. else {.. sSecondDomain = arr[0];.. }.. }.. return sSecondDomain;..}....function CompareSecondLevelDomains(sURL_1, sURL_2) {.. var result = false;.. try {.. var sSecondDomain1;.. var sSecondDomain2;.. sSecondDomain1 = getSecondLevelDomain(sURL_1);.. sSecondDomain2 = getSecondLevelDomain(sURL_2);.. if (sSecondDomain1 == sSecondDomain2) {.. result = true;.. }.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3140
                                                                                                                                                                                                              Entropy (8bit):4.472854553394219
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:HuKNuu1ywyvw8WU5Nuu1ywGz7vFlNuu1ywy:HuwaQw2wwy
                                                                                                                                                                                                              MD5:01AD57D140DA3C93803DD9D700373C52
                                                                                                                                                                                                              SHA1:3458CD2EDE13733C9B8447251DED6CDB5B6B182D
                                                                                                                                                                                                              SHA-256:A899595EF19B413A9099A9540852BE1013EBFA18379F31E65D9ACEEAEA52A163
                                                                                                                                                                                                              SHA-512:8E74CA4104F02318B659C67A34DD259681D8CC4F0971FA6F5B6165A1FEDEEEC79180A9C1BD33340607881818349697492EDA9B96580132A4A979F54AEF778FBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// small helper..function..simInsertAfter(newChild, refChild)..{ ...var oParent;...oParent = refChild.parentNode;.. oParent.insertBefore(newChild, refChild.nextSibling); ..}....function..simAddSeperator(id, insertAfterId)..{.. try.. {.. var oNewElem;.. var oElemExist;.. .. // create new element.. oNewElem = document.createElement('toolbarseparator');.. oNewElem.setAttribute('id', id);.. .. // add it.. oElemExist = simMyGetElementById(insertAfterId);.. simInsertAfter(oNewElem, oElemExist);.. return oNewElem;.. }.. catch(e).. {.. logSevere2(e);.. return null;.. }..}....function..simAddBanner(id, url, insertAfterId, name, width, height, bAddPadding)..{.. try.. {.. var oNewElem;.. var oElemExist;.. var oParent;.. var style;.. .. // create new element of banner.. oNewElem = document.createElement('iframe');.. oNewElem.setAtt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):7243
                                                                                                                                                                                                              Entropy (8bit):4.667029972880432
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODO2 - check this: dont put log bcz it recurse..function simGetFileSize(filename)..{.. var result = 0;.. try.. {.. var file;.. .. file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. file.initWithPath(filename);.. .. if (file.exists()).. result = file.fileSize;.. else.. result = -1; .. }.. catch(e).. {.. simAssert(eSeverity.eSEVERE, e);.. }.. return result;..}....function simReadFileToString(filename) {.. .. var result = null;.. .. try {.. var file;.. var cstream;.. var fstream;.. var data = "";.... logEnter();.... file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. fstream = kCC["@mozilla.org/network/file-input-stream;1"].createInstance(kCI.nsIFileInputStream);.. cstream = kCC["@mozilla.org/intl/converter-input-stream;1"].createInstance(kCI.nsIConverterInputSt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3434
                                                                                                                                                                                                              Entropy (8bit):4.555949304243929
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simRemoveFindWordButtons() {.. try {.. logEnter();.... var oFindWordButton;.. var oFindWordItem;.... oFindWordItem = simMyGetElementById('sim_find_words_item');.. while (oFindWordItem.firstChild) {.. oFindWordItem.removeChild(oFindWordItem.firstChild);.. }.. }.. catch (e) {.. logSevere2(e);.. }..}....function simAddOneFindWordButton(oFindWordItem, label) {.. var oNewButton;.. var tooltipText;.. oNewButton = document.createElement('toolbarbutton');.. oNewButton.setAttribute('label', label);.. oNewButton.setAttribute('id', 'sim_id_for_find_word_' + label);.. //newButton.setAttribute('crop', 'end');.. oNewButton.setAttribute('class', 'sim_find_word'); // alse sets max width.. oNewButton.setAttribute('oncommand', 'simFindNextWord(event);');.. tooltipText = simGetFormattedStringFromBundle('sweetim.property.button.findword.tooltip', [label]);.. oNewButton.setAttribute('tooltiptext
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1430
                                                                                                                                                                                                              Entropy (8bit):4.474103530814768
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_GeneralObserver = {.... // members.. _registered: false,.... // method: observe.. observe: function (subject, topic, data) {.. try {.. if (topic == "quit-application-requested") {.. simOnQuitApplicationRequested();.. }.. }.. catch (e) {.. logSevere2(e);.. }.. },.... // method: register.. register: function () {.. if (!this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.addObserver(this, "quit-application-requested", false);.... this._registered = true;.. }.. },.... // method: unregister.. unregister: function () {.. if (this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.removeObserver(this, "quit-application-requested");..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):814
                                                                                                                                                                                                              Entropy (8bit):4.8948254611600035
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// loaded in "global namespace", bcz function already "SIMTB_Navigate" in use by ppcbully banner,..// without use of namespace....// called from ppcbully banner, in order to open ad in _current_ or _new_ tab, instead of in new window..// (cannot be done directly using JS, without helper function)..function ..SIMTB_Navigate(url) {.. try {.. NAMESPACE_SIM_TB.logEnter();.... var target = NAMESPACE_SIM_TB.simGetConfigString("ppcbully.target");.. if (target != null && target == "new-tab") {.. NAMESPACE_SIM_TB.simNaviagteToUrlInNewTab(url, false).. }.. else { // no value, or "current-tab", as default -> open in current tab.. NAMESPACE_SIM_TB.simNavigateToURL(url);.. }.. }.. catch (e) {.. NAMESPACE_SIM_TB.logSevere2(e);.. }..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3538), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5929
                                                                                                                                                                                                              Entropy (8bit):5.118606362873504
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// urls..const SIM_URL_SEARCH = "http://search.sweetim.com/search.asp"..const SIM_URL_WWW = "http://www.sweetim.com";..const SIM_URL_HOME = "http://home.sweetim.com";..const SIM_URL_FORUM = "http://www.sweetim.com/forum/";..const SIM_URL_HELP_FF = "http://www.sweetim.com/help_simff.asp";..const SIM_URL_HELP_ABOUT = "http://www.sweetim.com/about_overview.asp";..const SIM_URL_HELP_UNINSTALL_FF = "http://www.sweetim.com/uninstallhelpff.asp";..const SIM_URL_FEEDBACK = "http://www.sweetim.com/help_contact.asp";..const SIM_URL_PRIVACY = "http://www.sweetim.com/eula.html#privacy";..const SIM_URL_AFTER_INSTALL = "http://www.sweetim.com/installbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UNINSTALL = "http://www.sweetim.com/uninstallbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UPDATE = "http://www.sweetim.com/updatebar.asp";..const SIM_URL_SEARCH_FOR_DS = "http://search.sweetim.com/?src
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):994
                                                                                                                                                                                                              Entropy (8bit):5.055837583663413
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyGetElementByIdImpl(oParent, id){.....var oElem = null;...if (oParent != null && oParent.hasChildNodes()) {....var children = oParent.childNodes;....for (var i = 0; i < children.length; i++) {.....var oChild = children[i];.....if (oChild.id == id) {......oElem = oChild;......break;.....}.....else {......// try to recurse......oElem = simMyGetElementByIdImpl(oChild, id);......if (oElem !== null)......{.......break;......}.....}....}...}...else{....//alert("children.length = 0");...}...return oElem;..}....function simMyGetElementById(id){...if (false) { // orig, but in correct when we also have TB running along side FB,....// bcz they use same ids....var obj;....obj = document.getElementById(id);....//alert("obj = " + obj);....return obj;...}......var oParent;...var oElem = null;...oParent = document.getElementById(SIM_TOOLBAR_ID);...oElem = simMyGetElementByIdImpl(oParent, id);...if (oElem == null) {....// alert("oElem null for id = " + id);...}...return oElem;..}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11741
                                                                                                                                                                                                              Entropy (8bit):4.718561487895601
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrColors = null;....// private..function simGetHighlightButton()..{ .. var oButtonHighlight;.. oButtonHighlight = simMyGetElementById('sim_highlight_btn_id');.. return oButtonHighlight;..}....// private..function simGetHighlightButtonChecked()..{ .. var oButtonHighlight;.. var bChecked;.. .. oButtonHighlight = simGetHighlightButton();.. if (oButtonHighlight.hasAttribute('checked')).. {.. bChecked = oButtonHighlight.getAttribute('checked') == 'true';.. }.. else.. {.. bChecked = false;.. } .. return bChecked;..}....// private..function simSetHighlightButtonDisabled(bDisabled)..{.. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.disabled = bDisabled;..}....// private..function simSetHighlightButtonChecked(bChecked)..{ .. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.setAttribute('checked', bChecked);..}.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2980
                                                                                                                                                                                                              Entropy (8bit):4.13201368175262
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchHistory()..{.. var result = null;.. try.. {.. var arrEncoded;.. var sHistoryItems = "";.. if (simGetIsConfigExists("search.history")).. sHistoryItems = simGetConfigString("search.history");.. if (sHistoryItems && sHistoryItems.length > 0).. {.. result = new Array();.. arrEncoded = sHistoryItems.split(",");.. for(var key in arrEncoded).. {.. var encoded;.. var decoded;.. .. encoded = arrEncoded[key];.. decoded = decodeURIComponent(encoded);.. logDebug("key="+key+",encoded="+encoded+",decoded="+decoded);.. result.push(decoded);.. }.. }.. }.. catch(e).. {.. dump("simGetSearchHistory= "+e);.. //logSevere2(e);.. }.. return result; // array of decoded..}....// param text shouldNT be encoded..function simAddToSearchHistory(
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6637
                                                                                                                                                                                                              Entropy (8bit):4.38577654837664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:YXyv7ijuSlT3gChurexw6Z7VNsOAojOWkhkCnHSBFRs+Mz2CNN:nvjquWwy7NOWqkCyBFRs+MqG
                                                                                                                                                                                                              MD5:560EFC94BF82CD40EDFA51D0EC7A8ED5
                                                                                                                                                                                                              SHA1:991B9B36CBF729632310D8B862EC92928F20D43D
                                                                                                                                                                                                              SHA-256:0A8AAB29CAFA7055F99DBAE359400B8EF187EC181F8976F7B7748CDEA4AAD88E
                                                                                                                                                                                                              SHA-512:2517F88D6F4FE557F2D894D64F9697F4FFC162F64C4E4D943B09024EDDD7CBB2E37D240CB684FE656348E082DAD011E3DEA0955BA1AB3BBB8063A4B741B9ACD4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODOZ: future use..function SIMScriptInfo() {.. this._sRegexp = "";.. this._sURL = "";..}....var g_sim_strScriptURL = "http://sc.sweetim.com/apps/in/fb/infb.js";....function simAddScriptToDocument(oDocument) {.... try {.. var SCRIPT_ELM_ID = "id_script_sim_fb";.... var objScript = oDocument.getElementById(SCRIPT_ELM_ID);.. if (!objScript) {.. var head = oDocument.getElementsByTagName('head')[0] || document.documentElement;.. var scriptElement = oDocument.createElement('script');.. var url = simGetConfigString("urls.ScriptUrlFB"); // same name as used in IE.. if (url == null || url == undefined || url == "") {.. url = g_sim_strScriptURL;.. }.. scriptElement.src = url;.. scriptElement.type = "text/javascript";.. scriptElement.language = "JavaScript";.. scriptElement.id = SCRIPT_ELM_ID;.. head.insertBefore(scriptEl
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22273
                                                                                                                                                                                                              Entropy (8bit):4.567586678614434
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:N44hc4vQNQMq2ygMZr87jmnH5dgRTHR4/bKfn+E:N4A1ZeSm
                                                                                                                                                                                                              MD5:4F697EF09E80937BD0321C81800CA48F
                                                                                                                                                                                                              SHA1:B58FA1875961D22E5E3534225F7B7D17E5530308
                                                                                                                                                                                                              SHA-256:43729CF4EC878E3B12B60A1CD19A78516BC79CFBAAA0E289DDA2432EF25E248D
                                                                                                                                                                                                              SHA-512:8FD1CFD5E02F753519A142F0DDEF5CB32ED6C59C12D1BDDC6CCDC7E1CD9CCFCC478EF5E9673543F113FD419B90C0B7B1C860499461D848A53E853F7D3C2BDE24
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simOnInstall()..{.. try.. {.. logEnter();.. simAddDefaultConfig();.. simUpdateVersionFromRDFInPrefs();.. }.. catch(e).. {.. logSevere2(e); .. }..}....function simGetPrefsArray()..{.. var arrPrefs = new Array();.. .. // keyword url.. arrPrefs.push( {prefName:"keyword.URL", prefSweetIMValue:"http://search.sweetim.com"} );.. .. // default search.. arrPrefs.push( {prefName:"browser.search.defaultenginename", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. arrPrefs.push( {prefName:"browser.search.selectedEngine", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. .. // homepage.. // get the value which was added by setup, as homepage.. // was stored also here for comparsion. see c++: SetFFDefaultHomePageUsingPrefsFile.. var sSweetIMHomePage = simGetConfigString("urls.homepage");.. arrPrefs.push( {prefName:"browser.startup.homepage", prefSweetIMValue:sSweetIMHomePage} );.... return ar
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10479
                                                                                                                                                                                                              Entropy (8bit):4.595467703826516
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:danfRLbJ1A0MASuHvLLKO9LJOq2/pOq6pdyJFIZMGt4Z:dsbQaLLKO9LYZ/UJPaZ
                                                                                                                                                                                                              MD5:5329A994D60FB712F6D18F9D69C0B29B
                                                                                                                                                                                                              SHA1:F0E9AE0F6EE68BEE731176871741836A4F400715
                                                                                                                                                                                                              SHA-256:CA3540B7DD00EE74126562A027B6C11A3DF3E6155313D9D39DF3F48409635BBD
                                                                                                                                                                                                              SHA-512:034147BE48FEC3A3B40F74C8835FB158A8A01BEC52394DA431F5B8C614FA38C7B9DB9AFF3D34A455060E35FD0BC1860B3E6196760A9380C437A53D85222710F2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// for eSeverity original definition, see Level.h..var.eSeverity =..{.. eALL:0,.. eDEBUG:1,.. eCONFIG:2,.. eINFO:3,.. eWARNING:4,.. eSEVERE:5,.. eCRITICAL:6,.. eOFF:7..};....var g_loggerInit = false;....var g_FileHandler_FileName = null;..var g_FileHandler_MinReportLevel = null;..var g_FileHandler_MaxFileSize = null;..var g_ConsoleHandler_MinReportLevel = null;....var sim_g_loggerDisabled = false;.. ..function initializeLogger()..{.. // TODO - the strings of prefs names, appear also in config.js => put them in one place only.. .. if (simHasConfigPrefs()).. { .. g_FileHandler_FileName = simGetConfigString("logger.FileHandler.FileName");.. g_FileHandler_MinReportLevel = simGetConfigString("logger.FileHandler.MinReportLevel");.. g_FileHandler_MaxFileSize = simGetConfigString("logger.FileHandler.MaxFileSize");.. g_ConsoleHandler_MinReportLevel = simGetConfigString("logger.ConsoleHandler.MinReportLevel"
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2761
                                                                                                                                                                                                              Entropy (8bit):4.585147185811158
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:G3JhY6Boz41aDkkaYMjNgr3AetwWOzBT4JF5Ay6:G3JOXDlazjN+w2OBMWf
                                                                                                                                                                                                              MD5:2E2A156B39E9712A9009685B01C32097
                                                                                                                                                                                                              SHA1:E1A475D4A5630873BBB4385130F7AB784BDEB90C
                                                                                                                                                                                                              SHA-256:5A7F42C79EF674479812DB4A4AF9A0F8C419AF9042D51542174E64BA9CE9276E
                                                                                                                                                                                                              SHA-512:C8AE2C1FFD66C613D5F20B957120BCE25C436A0C5EC9D42C0202781DC78EC3C4B67AABD2EA5D3546F6E1E4C7AF69FD328D0FDAD1BCA8957872093083012C6188
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var NAMESPACE_SIM_TB = {};....NAMESPACE_SIM_TB.loadScripts = function () {.. // load external JS files, into gloabl object "NAMESPACE_SIM_TB", which is used as namespace.. try {.. var path = "chrome://sweetim-toolbar/content/";.. var loader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"].........getService(Components.interfaces.mozIJSSubScriptLoader);.. var files = new Array(.. "sweetim-toolbar.js",.. "registry.js",.. "config.js",.. "search.js",.. "searchguard.js",.. "searchservice.js",.. "logger.js",.. "commands.js",.. "highlight.js",.. "tabinfo.js",.. "tabinfo-array.js",.. "webprogresslistener.js",.. "contentmenu.js",.. "splitter.js",.. "chevron.js",.. "uninstallobserver.js",.. "version.js",.. "install.js",.. "globals.js",.. "history.js",.. "file.js",.. "stringbundles.js",.. "tooltip
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):790
                                                                                                                                                                                                              Entropy (8bit):4.552759257474942
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:xb7gDv5WyDfcoXNWiB14/7+KI5hoG2tyUovprDzpTz8yhphzFnATpJx37GpJcL:1kv5BDUoX/4TNlkpp3NTwOhFmXYcL
                                                                                                                                                                                                              MD5:EBBDC1D24F91354112CE613C5FF079D4
                                                                                                                                                                                                              SHA1:9E6902E98BB070AC14A53476B830F546BCD41E4F
                                                                                                                                                                                                              SHA-256:822A4FADA8538D2365EB806AF58516D76C5E00E49FFB4B81261BFA14F13DCB3B
                                                                                                                                                                                                              SHA-512:DA18275FF3A33E93ED7D827BCB9697492A6AEEB83C5265F3A470CED73DE3DC361F39A16EB90D1C39FBBAC1BF59F002DD9EFF24F68C397DD1726D7F65DEF32F96
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMessageBox_OkCancel(sCaption, sText) {.... var result = null;.. try {.. // show message, ask user if to keep settings.. var promptService = kCC["@mozilla.org/embedcomp/prompt-service;1"].getService(kCI.nsIPromptService);.. var flags = promptService.STD_OK_CANCEL_BUTTONS;.. var check = { value: false };.. var button = promptService.confirmEx(window, sCaption, sText, flags, null, null, null, null, check);.... // set the value that user selected in result.. if (button == 1) // user selected "pos_1" button => no.. {.. result = false;.. }.. else {.. result = true;.. }.. }.. catch (e) {.. logSevere2(e);.. return null;.. }.... return result;..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                              Entropy (8bit):3.7605520099280896
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:JyBoNLxRRtU3dLqRRdv7f+fOpLfy8fHUwBc1P+urxpZhzZDb:kB4x+opDGmB5WmuLPh
                                                                                                                                                                                                              MD5:D0D9DDC7A4FCEC37560A070DFA13BF5E
                                                                                                                                                                                                              SHA1:ABBDD24BB2BF5C915F3037F8CDB5675D6A9F331A
                                                                                                                                                                                                              SHA-256:B28E9EDE8088E44E68C13BF1AA7B540924A6D18C0F25B015D4CABC02E3F6AD3B
                                                                                                                                                                                                              SHA-512:598A7B9F07F25E0A606431F3A93D618885CD803233B29465869E754285666CA2212B53BE3BB997A48F272617618B4EB5FE799E004ECB948E941AA767D84A189B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// notifies ppcbully banner on every document complete...// called from rc.html..function..simNotifyPPCBullyBannerOfDocumentComplete(bannerId, url)..{.. try {.... logDebug("params: bannerId = " + bannerId + ", url = " + url);.. .. var oToolbar;.. var oBanner;.. oToolbar = document.getElementById(SIM_TOOLBAR_ID);.. if (oToolbar.collapsed == false) // check if toolbar is hidden.. {.. oBanner = simMyGetElementById(bannerId);.. if (oBanner).. {.. if (oBanner.contentWindow != null && oBanner.contentWindow).. {.. if (oBanner.contentWindow.pbNavigateComplete != undefined) {.. try {.. oBanner.contentWindow.pbNavigateComplete(url);.. }.. catch (e2) {.. logSevere2(e2);.. }.. }.. el
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5801
                                                                                                                                                                                                              Entropy (8bit):4.664439405681212
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:XnVid/DwfTNCDKUTisuLpBXPJjH9BL3rqzx5GH1zTNb1Lx1+:XVid/DwfT2KUTi7/XPJTbL3rqzx5GzTG
                                                                                                                                                                                                              MD5:8008F72ECA33168113BF191E38503787
                                                                                                                                                                                                              SHA1:E955FA0F508421836DF1DE60B9405CC310B1399C
                                                                                                                                                                                                              SHA-256:7744FCB23B17BAD1F7D66574158B06AF918590F13E0EBCE1550E86E2CD41388C
                                                                                                                                                                                                              SHA-512:C66418A1B16C88D205CDE3D154F907AF743DBBD4DD81CBA4870E2BE32C70784E9EE55B32670AAB984935F071BAB3D9F0C76C7551FCF9FF9FAD0CE6BCB591D4C8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// rootKey > HKCU, HKCR or HKLM..// subKey - string..// sAccess > "ACCESS_READ", "ACCESS_WRITE" or "ACCESS_ALL"..function simOpenRegsitryKey(rootKey, subKey, sAccess)..{.. var result = null;.. var rootKey2 = null;.. var access;.. .. try.. {.. result = kCC["@mozilla.org/windows-registry-key;1"].createInstance(kCI.nsIWindowsRegKey);.. .. switch (rootKey).. {.. case "HKCU":.. rootKey2 = result.ROOT_KEY_CURRENT_USER;.. break;.. case "HKCR":.. rootKey2 = result.ROOT_KEY_CLASSES_ROOT;.. break;.. case "HKLM":.. rootKey2 = result.ROOT_KEY_LOCAL_MACHINE;.. break;.. } .. switch (sAccess).. {.. case "ACCESS_READ":.. access = result.ACCESS_READ;.. break;.. case "ACCESS_WRITE":.. access = result.ACCESS_WRITE;.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):146
                                                                                                                                                                                                              Entropy (8bit):4.767727345085542
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:8WlPUNFDMJ9+fkVLLxIWJVJM9BeqFHQLvC8uVL3DfFn:8WlcSJ97LRbJM9xFwL6tF3Dtn
                                                                                                                                                                                                              MD5:747594BE6C4F3CAD60FD041F4D6B2F7F
                                                                                                                                                                                                              SHA1:7281CE747E33CF70A00FA454BBD8C0757A8534B1
                                                                                                                                                                                                              SHA-256:0C82D59157B3985CBF6F254CA12A63AE86AE08EFF432EE423D0F630D7B58D123
                                                                                                                                                                                                              SHA-512:D3822A112247C1C6B5E405B6405693D52225326C1B1DCCEF44127A828C16517ADFEBD6F1E09D4EE5A983C1452361A708E9B08ADCBF004FB90A3588623B53E111
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// see relavent .h file..// "__ENABLE_LOGGING__" is not used anymore, to simplify and make only one build..// const __ENABLE_LOGGING__ = false;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2866
                                                                                                                                                                                                              Entropy (8bit):3.9577654921496856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_scriptOnDocumemntComplete = null;....function simInitializeRemoteControl()..{ .. try.. { .. // MOVE to download complte of "control banner" ???/.. // step 1.. // get object of remote control web page.. var oElem = document.getElementById(SIM_REMOTE_CONTROL_ID);.. if (oElem) {.... if (oElem.contentWindow && oElem.contentWindow.SIMRC_getCodeForOnLoad) {.. // step 2.. // get script from remote control web page .. var script;.. script = oElem.contentWindow.SIMRC_getCodeForOnLoad();.. //alert("script = " + script);.... try {.. // step 3.. // execute script.. eval(script);.. }.. catch (e) {.. //alert("e = " + e.message);.. logSevere2(e);.. }.. }.. else {.. log
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13939
                                                                                                                                                                                                              Entropy (8bit):4.490104471837317
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....var sim_g_historyCapacity = null;..var sim_g_arrExteranlSearch = null;....// trims start and end..function simTrimString(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return "";.... string = string.replace(/^\s+/, ''); // Remove leading whitespace.. string = string.replace(/\s+$/, ''); // Remove trailing whitespace.... return string; // Return the altered value..}....////////////////////////////////////////////////////////////////////////////////..// 1) Calls "simTrimString" to trim start and end..// 2) Removd "runs" - and convert all runs of more than one whitespace..// character into a single space. ..// The altered string gets returned...////////////////////////////////////////////////////////////////////////////////..function simTrimStringAndRemoveRuns(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15169
                                                                                                                                                                                                              Entropy (8bit):4.471034320295774
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_SEARCH_GUARD_PARAM = "st";....function simUnhideSearchEngine() {.. logEnter();.... try{.. var engine = simGetSearchEngine();.. if (engine!= null && engine.hidden == true) {.. engine.hidden = false;.. }.. }catch(e) {.. logSevere2(e);.. }..}....// checks if param exists in url of search provider (plugin)..// it is found under os:Param tag, in XML of search plugin...// didn't fidn a way to check this using API/XPCOM etc...function simCheckIfParamExistsInSearchProviderURL(paramName) {.. logEnter();.. .. var exists = false;.. try {.. var engine;.. var SP;.. var xml;.. .. engine = simGetSearchEngine();.. if (engine != null) {.. SP = simGetSearchPluginFile();.. if (SP.exists()) {.. xml = simReadFileToString(SP.path);.. if (xml != null && xml != "") {.. // we also check for prefix of &, bcz this is how we ad
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1970
                                                                                                                                                                                                              Entropy (8bit):4.240138604578698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchEngine() {.. var searchService = null;.. var engine = null;.... logEnter();.... try {.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != null) {.. engine = searchService.getEngineByName(SIM_SEARCH_ENGINE_NAME);.. }.. } catch (e) {.. logSevere2(e);.. }.. .. return engine;..}....function simAddSearchEngine() {.. .. var searchService = null;.. var engine = null;.. var bResult = false;.... logEnter();.... try {.. // step 1.. // check if engine already exists.. engine = simGetSearchEngine();.. if (engine != null) {.. logInfo("engine already exists");.. engine = null;.. }.. else {.. // step 2.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != nu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3044
                                                                                                                                                                                                              Entropy (8bit):4.67890442222015
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// From: http://developer.mozilla.org/en/docs/XUL_Tutorial:More_Event_Handlers..// "The button and detail properties only apply to the mouse button related events,..// not mouse movement events...// For the mousemove event, for example, both properties will be set to 0."....var sim_g_dragging = false;..var sim_g_lastX = 0;..var sim_g_splitter_at_max = false;....function simInitializeSplitter()..{.. try.. {.. var oSplitter = simMyGetElementById("sim_toolbar_splitter");.. oSplitter.addEventListener('mousedown', simOnSplitterMouseDown, false);.. window.addEventListener('mousemove', simOnGlobalMouseMove, false);.. window.addEventListener('mouseup', simOnGlobalMouseUp, false);.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simOnGlobalMouseMove(event)..{.. if (sim_g_dragging).. {.. simUpdateSplitter(event);.. sim_g_lastX = event.screenX;.. }..}....function simOnSplitterMouseDown(event)..{.. //logEnter();..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1969
                                                                                                                                                                                                              Entropy (8bit):4.738627059733319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_StringBundle = null;..var sim_g_nsIStringBundle = null;....// should be called from XUL, or JS, where "document" object is defined..function simGetStringFromBundle(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_StringBundle).. {.. sim_g_StringBundle = document.getElementById('sim_stringbundle');.. }.. result = sim_g_StringBundle.getString(name);.. }.. catch(e) {.. logWarning("exception for name: " + name);.. logSevere2(e);.. }.. return result;..}....// should be called from components, such as SIMAutoCompleteSearch.js,..// where "document" object is NOT defined..function simGetStringFromBundle2(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_nsIStringBundle).. {.. // load bundle directly.. // see "Creating the bundle via XPConnect".. // (http://books.mozdev.org/html/mozilla-chp-11-sect-3.html).. var src = 'chrome://s
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):653
                                                                                                                                                                                                              Entropy (8bit):5.057236170457901
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>..<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>......<window id="id_window_sim_content_menu"... title=""... orient="horizontal"... hidechrome="true"... xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"... onload="simContentMenuWindowOnLoad(event);"... onunload="simContentMenuWindowOnUnload(event);">.... <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/contentmenu-handler.js" />......<browser id="id_browser_sim_content_menu".. ..src="http://content.sweetim.com/sim/mfftb20.html".. ..width="420px".. ..height="440px">...</browser>..</window>
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12636
                                                                                                                                                                                                              Entropy (8bit):4.680240080485856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var g_sim_onload_completed = false;....function simOnFirstRun()..{.. try.. {.. logEnter();.. .. simOnInstall();.. }.. catch(e).. {.. logSevere("catch: " + e.message);.. }..}....function simIsFirstRun()..{.. var result = true;.. var has;.. .. try.. {.. logEnter();.. .. has = simHasConfigPrefs();.. result = !has;.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return result;..}....function simOnToolbarDOMAttrModified(event)..{.. try.. { .. //logEnter();.. .. if (event.attrName == 'collapsed').. {.. var bCollapsed = event.newValue == 'true';.. simOnToolbarCollapsed(bCollapsed);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}......// we get here, when user has hidden the toobar using..// "View"/"Toolbars" and the uncheck out toolbar..function simOnToolbarCollapsed(bCollapsed)..{.. try.. { .
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17033
                                                                                                                                                                                                              Entropy (8bit):4.649335724543702
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:NYebeeVIOFtAkvocIhzBeLdGrRY6hl6gfHZbOB71oOGJ:NYYSi4lZ+717GJ
                                                                                                                                                                                                              MD5:C5E042E981DB5DC014E02AAD88A1DE44
                                                                                                                                                                                                              SHA1:2DC36BD5A53B298A5C18672F1EECC9EB72DCCC69
                                                                                                                                                                                                              SHA-256:DBAB041CFA5D8696FC6830F7814848DABE75AC2BEE7F537A54F75D16CFB28A1E
                                                                                                                                                                                                              SHA-512:C87C57DC1E2A58EC2A0121F6DFE647C1B0734BAD53DDD08BDD2483E50888DDE5DE17A8518EB11C16E4A186A83099EA12478319502CBACD4754B5CAA85807C748
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>..<?xml-stylesheet href="chrome://sweetim-toolbar/skin/sweetim-toolbar.css" type="text/css"?>....<!DOCTYPE overlay SYSTEM "chrome://sweetim-toolbar/locale/sweetim-toolbar.dtd">....<overlay id="sweetim_overlay".. xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">.. .. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/main.js" />.. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/global-namespace.js" />.... <stringbundleset id="stringbundleset">.. <stringbundle.id="sim_stringbundle" .. src="chrome://sweetim-toolbar/locale/sweetim-toolbar.properties"/>.. </stringbundleset>.. .. not used since fix of RNDTBFF-56.. <popupset id="mainPopupSet">.. <popup.id="sweetim_popup_history".. type="autocomplete"/>.. </popupset>.. --> ....
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2353
                                                                                                                                                                                                              Entropy (8bit):4.4133762029710155
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:/lQx+UoGfwVGhCyVj8Y1PXDKQDu1BjCxCto6qPlRPd9tfDQnZic4EwKCu9w+zauA:/UBoGfwoht8YF21IfLFDQ4c4kSJzQQ
                                                                                                                                                                                                              MD5:EDE3C37AA333FA205B96194440176B3A
                                                                                                                                                                                                              SHA1:550F751348470DCB586DA42834C26457A4B711B1
                                                                                                                                                                                                              SHA-256:8C2D75157683F82FD0F36058F73B68F924CA0BCA79F5F04D6EE51D31D020970F
                                                                                                                                                                                                              SHA-512:C8FF1992EE4C6C4C10422E67BE140BF7129D9D15F1E250689AEC8742E32BB65821B4BB6CEDC1BDB5447E2B2EB0D3D201546F73CE3FE7C0051D63CE22EC2667D4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrTabInfo = null;....function simGetTabInfo(tabId) {.. var oTabInfo = null;.... if (tabId != undefined && tabId != null && tabId != "") {.. oTabInfo = sim_g_arrTabInfo[tabId];.. if (oTabInfo == undefined) {.. logWarning("oTabInfo is undefined");.. }.. }.. else {.. logWarning("tabId not valid");.. }.. return oTabInfo;..}....// adds SIMTabInfo to array, for relevant tabId;..// returns the web progress listener object, which is associated with this tab..function simAddTabInfoToArray(tabId) {.. var result = null;.. try {.. if (tabId != null && tabId != "") {.. // step 1.. // create array, if not created already.. if (sim_g_arrTabInfo == null) {.. sim_g_arrTabInfo = new Array;.. }.... // step 2.. // create progress listener.. var oWPListener = new SIMWebProgressListener(tabId);.... // step 3.. //
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11111
                                                                                                                                                                                                              Entropy (8bit):4.412389992855388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:O0+++rWl/S5vHvXm0kqs1zeGY097hKBIBfI/RvWvXHcnmsccCiivJftPk9XCxjM:Ov++O/S5fv1zezi0pMOfn4iBkN
                                                                                                                                                                                                              MD5:603652891F4165AD4CE73E9B4AE82901
                                                                                                                                                                                                              SHA1:AB08428843B571051EB4F15EE2AD03408A04FAE9
                                                                                                                                                                                                              SHA-256:8D5BC4EC85859DD72D92552E8B5EEC890D41DDEB6F42DE4289564F6CB6E0C7FA
                                                                                                                                                                                                              SHA-512:6CA0C10601E1F83392CFEAF84E5BC3BDE60B9BD1B6D247C207CCEC6CF3E9215EE996C2C953A13B2C1ECE95781909B3D2A433CEED6EA6960022E89C765A2D8E75
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function SIMTabInfo()..{.. this._webProgressListener = null;.. this._sSearchString = ""; .. this._bHighlight = false;..}....function simGetSelectedTabBrowser() {.... var index = null;.. var oBrowser = null;.... index = gBrowser.mTabContainer.selectedIndex;.. if (index != null) {.. oBrowser = gBrowser.getBrowserAtIndex(index);.. if (oBrowser == null) {.. logWarning("oBrowser == null");.. }.. }.. .. return oBrowser;..}....function simGetSelectedTabURI()..{.. var oBrowser;.. var oUri;.. .. oBrowser = simGetSelectedTabBrowser();.. oUri = oBrowser.currentURI;.. .. return oUri;..}....function simGetSelectedTabHost()..{.. var oUri = null;.. var oResult = null;.... oUri = simGetSelectedTabURI();.. if (oUri != null) {.. try {.. oResult = oUri.host;.. } catch (e) {.. // we get here when tab is opened with "Addons Manager", in FF4.. // or when tab is e
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3243
                                                                                                                                                                                                              Entropy (8bit):4.391385132766343
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:ijC31Dmdj5UY2c6Q6gm6aL6eN76bL6z/S:ijQ1Dmdj5J2PzgFa+eNub+z/S
                                                                                                                                                                                                              MD5:3CB6E2DE74E1DBA38BF405DD21786908
                                                                                                                                                                                                              SHA1:0E0B2EA4AF92DFF76FCBBA0F83D1659C6BB6A229
                                                                                                                                                                                                              SHA-256:155DF0BA4DFB6E9792D291B1C58B738EC0F908665E594205BA1445CC6EAF55B8
                                                                                                                                                                                                              SHA-512:E7A84B89EA6B18DE5298FE5632C71601423D989D17009D6D85E4B550848541838C9F2F8027938E379644E5D72802880B8576CF10B76338DC62B7AE413F70ADA5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// Explenation: why we use "simOnTooltipNeedText" for dropmarkers:..// This method is used to set a tooltip to a dropmarker,..// Since setting "tooltiptext" doesn't work...// This code was used (and didn't work):..// oDropmarker = document.getAnonymousElementByAttribute(oButton, 'class', 'toolbarbutton-menubutton-dropmarker');..// oDropmarker.setAttribute('tooltiptext', strTooltip);..// As said, it doesnt't work (apparently requires adding xbl binding), so the trick with..// "simOnTooltipNeedText" is used instead....function simIsFromDropmarker(node)..{.. var result = false;.. try.. {.. // this "trick" is not documented... // it is by trial-and-error, and comparing all.. // atrributes of the button, when the mouse is over.. // the button itself VS mouse is over the dropmarker.. if (node.hasAttribute("buttonover")).. result = false;.. else.. result = true; .. }.. catch(e).. {.. logS
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6308
                                                                                                                                                                                                              Entropy (8bit):4.322938270187311
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:FizaB32QhH8Ocuzwa5o4KQqkhJzyjz35UAlxlONyOopRQMVD:xNlWVv5zkCZjlxAqzQMVD
                                                                                                                                                                                                              MD5:D6F084EB3DB05BC7DE868C5A43266E22
                                                                                                                                                                                                              SHA1:31EDAEE1B293F2304AFEAA1F8DC655FAE8D97947
                                                                                                                                                                                                              SHA-256:D3144F66CA27D00ADD929B16A377EB4197BE80403F104FB577E48EE7CBB02A1A
                                                                                                                                                                                                              SHA-512:B4F2382A0473755FB495ECD00EBF3C4FAB00163BC07F2DDEC737E3358EE7F922399834416DE1C6A5AFAD47D68D1F3F10319F4DACA02D33BB232B99121F37C933
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// based on:..// Creating an uninstall script for an extension..// http://xulsolutions.blogspot.com/2006/07/creating-uninstall-script-for.html....const g_SWEETIM_EXTENSION_UUID = "{EEE6C361-6118-11DC-9C72-001320C79847}";....function simInitializeUninstallObserver(){.. .. logEnter();.. .. try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simAddAddonListener();.. }.. else{.. sim_g_UninstallObserver.register();.. }.. }catch(e){.. logSevere2(e);.. }..}....function simUninitializeUninstallObserver(){.. .. logEnter();.... try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simRemoveAddonListener();.. }.. else{.. sim_g_UninstallObserver.unregister();.. }.. }catch(e) {.. logSevere2(e);.. }..}....var sim_g_extensionManager = null;....// gets the extensions manager ("addons dialog")..function simGetExtensionsManang
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3189
                                                                                                                                                                                                              Entropy (8bit):4.859823909450792
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:yNLUXUmNLUdUoNLUuUhNLUYUGNLUbUxVGs+:y+km+Oo+5h+PG+IxVGs+
                                                                                                                                                                                                              MD5:626EC7868806436521619FFA2D4C43AE
                                                                                                                                                                                                              SHA1:7CC61D0CF2655750D4DE24A019EB68C49F24F9C3
                                                                                                                                                                                                              SHA-256:23A71210EAEE3F9CE45FA18C4066469D1D08246228999A32FDE68AB7A04A21ED
                                                                                                                                                                                                              SHA-512:A6C43FDB39890D82140DA955FCEDF33EAC0B1195ADE82A865C8DF4AE8397989C1696A400DAE5BBC38CC3AED590A041F1314C42E7B0DC5CB2A8A5C14AB914E46C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// geckgo version < param version..function simGeckoVersionLessThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) < 0) {.. result = true;.. }.. }.. else {.. logSevere("kCI.nsIXULAppInfo");.. }.. return result;..}....// geckgo version > param version..function simGeckoVersionGreaterThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) > 0) {.. result = true;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1864
                                                                                                                                                                                                              Entropy (8bit):4.240060812234503
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:lrzBe/hEjROmSYbh/VQB3tE2kDZeD2ex1ckibN2TaSDpzt7/R4V3Dnce:5IcrRhdQptEVeEO767ce
                                                                                                                                                                                                              MD5:2871DC9B99AEEB281122611968CFF89A
                                                                                                                                                                                                              SHA1:3FEBAD1B619F1E00C4D028D4BF6EAD1C68BF8BAD
                                                                                                                                                                                                              SHA-256:D26BEA9835FD7449906E44DCD8A390C8FB6F1A56D3BBA76D8F0331C36ED01CD3
                                                                                                                                                                                                              SHA-512:43489D6C1ECC3C3A34B421D13893F1BF5BD1A074F79C050965B3CD2950333FAF8D10A4E5B9751C11A737B09EACF975A9694186A0AFA612DB3E3788282F797B45
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// globals, used for getting version in FF4..var sim_g_version = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.. // step 1.. // set global value.. sim_g_version = addon.version;.. // step 2.. // set evant.. sim_g_event.value = true;.. } catch (e) {.. logSevere2(e);.. }..}....function simGetVersionFromRDF() {.. .. var version = "";.. try {.. logEnter();.... var oDetails = null;.. oDetails = simGetAddonDetails();.. if (oDetails != null) {.. version = oDetails._version;.. }.. else {.. logWarning("oDetails != null");.. }.. }.. catch (e) {.. logSevere2(e);.. }.... return version;..}....function simUpdateVersionFromRDFInPrefs()..{.. try.. {.. var version = simGetVersionFromRDF();.. simSetConfigValue("version", version);.. }.. catch(e).. {.. logSevere2(e); ..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                              Entropy (8bit):4.159322508675548
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:1nI9uwAoWL0vDaGH557rFqiVvHZfcaUsicL:1n4u9S5vEi55kaucL
                                                                                                                                                                                                              MD5:29473F2C75F43F49572F1BF8868B9C74
                                                                                                                                                                                                              SHA1:17091A09EFC714CF73A0C0211CDE5B4670624148
                                                                                                                                                                                                              SHA-256:F336277ED0859E586E814110D7260345BBB9531DD0914A1B9F72A27BCEBB8286
                                                                                                                                                                                                              SHA-512:C071FD05145916BAF91F572D0DBECF91931D11E7126C7354AB0BF61C2A0DEBE6CF7D1EC58BD240A876C08E633D7EA8D76B8C1F2F233DC9F67425C2925A782A5D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyEvent() {.. this.value = false;..}....// waits till the param event value is set to true..// returns true if event coccured, false if timeout reached..function simWaitForEvent(oMyEvent, timeout) {.... var result = null;.. try {.. var loops = 0; // used only for debug.. var start;.. var now;.. var elapsedMillSecs;.. var thread = kCC["@mozilla.org/thread-manager;1"].getService(kCI.nsIThreadManager).currentThread;.... // step 1.. // take snapshot of current time.. start = new Date();.... // step 2.. // while event not set to true.. while (oMyEvent.value != true) {.. loops++;.... // step 3.. // check if timeout elapesed.. now = new Date();.. elapsedMillSecs = now.getTime() - start.getTime();.. if (elapsedMillSecs > timeout) {.. // if timeout elapsed -> break.. result = false;.. br
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2992
                                                                                                                                                                                                              Entropy (8bit):4.687458025277307
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const WP_NOTIFY_STATE_NETWORK = Components.interfaces.nsIWebProgress.NOTIFY_STATE_NETWORK;..const WP_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const WPL_STATE_IS_NETWORK = Components.interfaces.nsIWebProgressListener.STATE_IS_NETWORK;..const WPL_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..const WPL_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const WPL_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;......//..// Object SIMWebProgressListener..//....// Listener which catches events when page is being loaded within a tab...function SIMWebProgressListener(tabId)..{.. if (!tabId).. {.. // get current tab id.. tabId = simGetSelectedTabId();.. if (tabId==null || tabId=="").. {.. logWarning("invalid tabId");.. }.....}.. this.tabId = tabId;..}....// Listener object - designe
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3226
                                                                                                                                                                                                              Entropy (8bit):4.968367102212091
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Start">..<!ENTITY sweetim.main_menu.search.label "SweetIM Suche">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Zu den SweetIM Foren gehen">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Hilfe">..<!ENTITY sweetim.main_menu.feedbcak.label "Feedback Schicken">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Kontaktieren Sie uns in allen Fragen rund um die SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Datenschutz">..<!ENTITY sweetim.main_menu.privacy.tooltip "Datenschutzinformationen zur SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Hier k.nnen Sie Ihre Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Cache
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                              Entropy (8bit):4.780426889876654
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Hervorhebung der Suchbegriffe auf dieser Seite umschalten..sweetim.property.button.highlight.disabled.tooltip=Text im Suchfeld eingeben um ihn hervorzuheben..sweetim.property.button.findword.tooltip=N.chstes Vorkommen von '%1$S' im aktuellen Dokument finden..sweetim.property.history=Chronik..sweetim.property.button.main_menu.tooltip=Zu SweetIM Suche gehen..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Men...sweetim.property.button.search.tooltip=Web-Suche..sweetim.property.button.search.dropmarker.tooltip=Klicken Sie zur Auswahl anderer Sucharten ..sweetim.property.menuitem.chevron.highlight.label=Highlights..sweetim.property.uninstall.title=%S deinstallieren..sweetim.property.uninstall.text=M.chten Sie die SweetIM Homepage und SweetIM Sucheinstellungen beibehalten, so dass Sie weiterhin schnellen Zugriff auf leistungsstarke Internetsuche genie.en k.nnen?..sweetim.property.searchguard.hp.caption=Homepage-Einstellunge
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3103
                                                                                                                                                                                                              Entropy (8bit):4.908927731948598
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Search">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Go to SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact Us">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contact us in all matters relating to SweetIM Toolbar for Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy Information">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Toolbar for Firefox privacy information">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Clear Cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "This will erase your cookies">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Clear Cache">..<!ENTITY sweetim.trackserase
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1535
                                                                                                                                                                                                              Entropy (8bit):4.634286586985755
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Toggle highlighting of search terms on this page..sweetim.property.button.highlight.disabled.tooltip=Enter text in the search box to highlight it..sweetim.property.button.findword.tooltip=Find next occurrence of '%1$S' in current document..sweetim.property.history=History..sweetim.property.button.main_menu.tooltip=Go to SweetIM search..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Search the Web..sweetim.property.button.search.dropmarker.tooltip=Click to select other search types..sweetim.property.menuitem.chevron.highlight.label=Highlight..sweetim.property.uninstall.title=Uninstall %S..sweetim.property.uninstall.text=Would you like to keep the SweetIM homepage and SweetIM search settings so you can continue enjoying quick access to powerful internet search?..sweetim.property.searchguard.hp.caption=Home page Settings Change..sweetim.property.searchguard.hp.message=Your default
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3363
                                                                                                                                                                                                              Entropy (8bit):4.953586806232814
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Inicio SweetIM">..<!ENTITY sweetim.main_menu.search.label "B.squeda SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Panel de mensajes SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ir a Foros SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Borrador de pistas">..<!ENTITY sweetim.main_menu.help.label "Ayuda">..<!ENTITY sweetim.main_menu.feedbcak.label "Cont.ctenos">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "P.ngase en contacto con nosotros en lo relacionado con la barra de herramientas SweetIM par Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informaci.n de privacidad">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informaci.n de privacidad para la barra de herramientas SweetIM para Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Borrar cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Borrar. sus cookies">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1805
                                                                                                                                                                                                              Entropy (8bit):4.692581821283924
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Alternar el resaltado de los t.rminos de b.squeda en esta p.gina..sweetim.property.button.highlight.disabled.tooltip=Introducir texto en el cuadro de b.squeda para resaltarlo..sweetim.property.button.findword.tooltip=Buscar la siguiente aparici.n de '%1$S' en este documento..sweetim.property.history=Historial..sweetim.property.button.main_menu.tooltip=Ir a b.squeda SweetIM Search..sweetim.property.button.main_menu.dropmarker.tooltip=Men. SweetIM ..sweetim.property.button.search.tooltip=Buscar en la web..sweetim.property.button.search.dropmarker.tooltip=Hacer clic para seleccionar otros tipos de b.squedas..sweetim.property.menuitem.chevron.highlight.label=Resaltar..sweetim.property.uninstall.title=Desinstalar %S..sweetim.property.uninstall.text=.Le gustar.a conservar la configuraci.n de la p.gina de inicio SweetIM y de b.squeda SweetIM de manera que pueda seguir disfrutando de un r.pido acceso a una potente b.squeda de Int
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3386
                                                                                                                                                                                                              Entropy (8bit):4.946143805128272
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Accueil SweetIM">..<!ENTITY sweetim.main_menu.search.label "Rerchercher dans SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Forum SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Aller aux forums SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Effacer mes traces">..<!ENTITY sweetim.main_menu.help.label "Aide">..<!ENTITY sweetim.main_menu.feedbcak.label "Contactez-nous">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contactez-nous pour toutes les questions li.es . la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Charte de confidentialit.">..<!ENTITY sweetim.main_menu.privacy.tooltip "Charte de confidentialit. sur la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Effacer les cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Ceci effacera vos cookies">..<!ENTITY sweetim.trackser
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1943
                                                                                                                                                                                                              Entropy (8bit):4.7702687098251415
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9Zk52rt7rzISjGKvkN9wqXvljqrKAYsjHZTCQAKYWYaPpT4QPOD0YWIKWl:0NtcSjRvCvljqm+1aaXPYK+
                                                                                                                                                                                                              MD5:4431C2790194EF7E437143F23CDC29E4
                                                                                                                                                                                                              SHA1:7BF58B987029638CF9DE413DC2086E842F429290
                                                                                                                                                                                                              SHA-256:BD64BB1D5964DDA5DCCC0E25ED26C51A10F6F3393DC8F608B7C1EC6F51B352E8
                                                                                                                                                                                                              SHA-512:0C72707E11613C8D3F4794B3FAC82D8CBFC8F1825BA721B5D08F5B718B5CEC8735FE0CA5C9886297F8EAA02189BC08A7A83E5AA030F48545177BFD5B10D91487
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Activer/d.sactiver le surlignage des mots recherch.s sur cette page..sweetim.property.button.highlight.disabled.tooltip=Saisir le texte dans la fen.tre de recherche pour le surligner..sweetim.property.button.findword.tooltip=Rechercher l.occurrence suivante de '%1$S' dans le document actuel..sweetim.property.history=Historique..sweetim.property.button.main_menu.tooltip=Aller . la recherche SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Rechercher sur le Web..sweetim.property.button.search.dropmarker.tooltip=Cliquer pour choisir d'autres types de recherche..sweetim.property.menuitem.chevron.highlight.label=Surligner..sweetim.property.uninstall.title=D.sinstallation de %S..sweetim.property.uninstall.text=Souhaitez-vous conserver la page d.accueil SweetIM et les param.tres de recherche SweetIM afin de continuer . profiter d.un acc.s rapide . une recherche In
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3350
                                                                                                                                                                                                              Entropy (8bit):4.8917769951145
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:IfLNtmvDvLn05w5rzbQryFfDCBJvfToBep+ILYMa:IKbTn05wZzbQGVevcBlITa
                                                                                                                                                                                                              MD5:7AEE63481187ECEE6DB55617A6B75C56
                                                                                                                                                                                                              SHA1:77323755C9533660E759681FBDAEAB3175AA1886
                                                                                                                                                                                                              SHA-256:AD9DC46F37E945240BD28DCE8F0B7E930DBDE6071658A7D1CF2A77C2D1AA8685
                                                                                                                                                                                                              SHA-512:B412F7AFB983D5DB746A3FBEA849D8D6551D5CB632325E2574DFD6FEBADBFA17C0FAD8E7BF2E508BC409C330A28F8270BBCE45FFA43B3C5A145C3048DD64C572
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "Cerca con SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Area messaggi SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Vai ai forum SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Cancella tracce navigazione">..<!ENTITY sweetim.main_menu.help.label "Aiuto">..<!ENTITY sweetim.main_menu.feedbcak.label "Invia commenti">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contattaci per qualsiasi problema/quesito relativo alla barra degli strumenti SweetIM per Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informazioni sulla privacy">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informazioni sulla privacy della barra SweetIM per Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cancella cookie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "L'operazione canceller. i cookie">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1607
                                                                                                                                                                                                              Entropy (8bit):4.584285505783685
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9YN2z/BC7vGlvPljRuq67EVhocEzZGwPFuOpEhoPyY7L:7uiv2vx0q6Q/oLz9OoqY7L
                                                                                                                                                                                                              MD5:E812535CE93B3877F4414DADF040B5F3
                                                                                                                                                                                                              SHA1:2D99203C28D900F4A891D7F0AC1C3B2B12168714
                                                                                                                                                                                                              SHA-256:4E8785F17DBEA4756212BD7705E98DA81A8D850F083E0ED0D97F83370DDCF101
                                                                                                                                                                                                              SHA-512:CED8B831D8117127F593FDB60EB24B7F96AED1E1E5B867886D4BBDC6F127D1B1F8E5413254802B2037537DAE913900877114FE51BC1D8D8A6218192142622BBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Attiva l'evidenziazione dei termini della ricerca su questa pagina..sweetim.property.button.highlight.disabled.tooltip=Inserisci il testo nella casella della ricerca per evidenziarlo..sweetim.property.button.findword.tooltip=Trova la successiva occorrenza di '%1$S' nel documento attuale..sweetim.property.history=Storico..sweetim.property.button.main_menu.tooltip=Vai a Cerca con SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Cerca nel web..sweetim.property.button.search.dropmarker.tooltip=Fai clic per selezionare altri tipi di ricerca..sweetim.property.menuitem.chevron.highlight.label=Evidenzia..sweetim.property.uninstall.title=Disinstalla %S..sweetim.property.uninstall.text=Vuoi salvare la home page SweetIM e le impostazioni di ricerca SweetIM per accedere rapidamente alla nostra potente ricerca Internet?..sweetim.property.searchguard.hp.caption=Cambio impostazioni Home
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3273
                                                                                                                                                                                                              Entropy (8bit):4.947891556350373
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:f2r110JZGwl/a61lQsO1zscYDB0wyPzoSH51UJ+MOl7T+RisLcyFQLtl6WyI76DD:f2rICoEzTq0wyZ1g+fl7TBsaVVm/Lv
                                                                                                                                                                                                              MD5:01AC12BC348313FC5737F0C433088AD5
                                                                                                                                                                                                              SHA1:5C3F83C74ED43303D2A45070237911823DC06624
                                                                                                                                                                                                              SHA-256:B24408110B993F10E2205EA02E71EE66F5D5416304AFE1445F817B956B61A737
                                                                                                                                                                                                              SHA-512:3A0C823819BE7AEA64CC418A583B2974CA35D27573375028F386AEF1473088F172B4582C742C216736338C3126059B6A1457C5DADCAFED0940DF4422E5CE7FDC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Zoekfunctie">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Mededelingenbord">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ga naar SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Sporenuitwisser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact-informatie">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Neem contact met ons op over alles wat te maken heeft met SweetIM Taakbalk voor Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy informatie">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Taakbalk voor Firefox privacy-informatie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Verwijder cookies ">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Dit zal uw cookies wissen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Ve
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1692
                                                                                                                                                                                                              Entropy (8bit):4.595629503022333
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9R2Xa+CgtWLmDvCwu0D+34bIcgPsVrPbjhgMhgPBQqPpTkg:s5gtgIvnD+tLgbrSTdkg
                                                                                                                                                                                                              MD5:582BEFD8357EB62BD9ADA8CA3F4D3E02
                                                                                                                                                                                                              SHA1:C6F8C959A779F90C99947956E1F38CA1429D08D5
                                                                                                                                                                                                              SHA-256:68513E080CD6D3B3CC9B1D55E5A3EFC40D341E6B7E2C29392A3C0AE046E20BB6
                                                                                                                                                                                                              SHA-512:FA4E7D22912E20ACC1B23214A60C343EA88DA0A20860F061599EE3113D2077964BF356B7ED5028D735911CB942D6359ADF81268BAA28B86AA0CF350F4C280618
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Markeren van in- en uitschakelen van zoekonderwerpen op deze pagina..sweetim.property.button.highlight.disabled.tooltip=Voer tekst in bij de zoekbox om die te markeren..sweetim.property.button.findword.tooltip=Vind de volgende keer dat het '%1$S' voorkomt in het huidige document..sweetim.property.history=Geschiedenis..sweetim.property.button.main_menu.tooltip=Ga naar de SweetIM zoekfuntie..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Zoek op het web..sweetim.property.button.search.dropmarker.tooltip=Klik voor het kiezen van andere zoekfuncties..sweetim.property.menuitem.chevron.highlight.label=Markeer..sweetim.property.uninstall.title=%S de-installeren..sweetim.property.uninstall.text=Zou je de SweetIM homepage en SweetIM-zoekinstellingen willen bewaren, zodat je plezier kunt blijven hebben van een snelle toegang tot een krachtige internet-zoekfunctie?..sweetim.property.search
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4706
                                                                                                                                                                                                              Entropy (8bit):7.939609866150524
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTLTT3Aau8Z3pqoMN4t4qDhV6c:nSDS0tKg9E05TLTTHu8E4t4qDrl
                                                                                                                                                                                                              MD5:72C9881C090F7C954451691AEC0266D2
                                                                                                                                                                                                              SHA1:E0572385B740CAD95B8471A77CF1384A8A4EC687
                                                                                                                                                                                                              SHA-256:510F120EFE2F234C3662020143BC9F606EABCFCB80C901D53EA8BCA753A27E92
                                                                                                                                                                                                              SHA-512:C6A1B65EAEF3C1A3A49A53024F7E4AD898286A2AF8D779E6088B54E95C06616570D39CBCE202E48C59A05224AE41BF8AC66778B4248ED319E6F36A0FEF9FA2E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4513
                                                                                                                                                                                                              Entropy (8bit):7.923205264207793
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTJlJ0NDxK+muSJyXnmlqsOc:nSDS0tKg9E05TbaDxLmuuyXmYsOc
                                                                                                                                                                                                              MD5:A75E7B7FB7225134A01B01C6985086C3
                                                                                                                                                                                                              SHA1:C18649F3DC4CFD551CD861FFAFAB51B98B8CBCE8
                                                                                                                                                                                                              SHA-256:000D8E36A1D432D6F6C182D41DEADB3F3B051CC5C5B32AFCAC6B3A80C4D802EA
                                                                                                                                                                                                              SHA-512:590812B335FB7AC128AEB4012960377AB2E2FC1D03A1418287DDFE074874B9C12D0D76F021126EC7FB06668281C2E91ADB678DB4B3B49E612D3BE74E954DA52F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):318
                                                                                                                                                                                                              Entropy (8bit):6.864702191037678
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPmNp1ZsRgPkHK9SQQxL95uLcIR5lgxmWZ2/vFvgUl7dp:6v/7uNpLmgPe4SQQL9+lggWM/NDz
                                                                                                                                                                                                              MD5:CAF9A4DFDDFD2568B37781AFB55DF16D
                                                                                                                                                                                                              SHA1:60405FE8FE085DC0062B77450A9CE9049552AACB
                                                                                                                                                                                                              SHA-256:05F666FCBD4A108C0DFAEE4BFA0414294694014C35E0603A2E944182C6DA7F2E
                                                                                                                                                                                                              SHA-512:73F133C02944F6FBEB2CD2DD142E2A2808017A1C8153AF8DB2B47143A2BCBFE0FA8E9FFBCC1DA84DC544D8E14FDAF8B34FC1EFF89E60792E84A780D28C32CD38
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3279
                                                                                                                                                                                                              Entropy (8bit):7.900863279277824
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:CXHt+JcNgOSiS4XsAYNpf2ESN5B6Ee1rEV:2oONgOLPXsAYnIB6Ee1G
                                                                                                                                                                                                              MD5:55FE3A0B1E9F8B4FDB84FC3E206276A2
                                                                                                                                                                                                              SHA1:669B6C3560552027D0C7E4737E1703E52A7D77C0
                                                                                                                                                                                                              SHA-256:5E443B66113C0ED5D2B49EA60E681D9D8B561798ED60C8E53441E63250740E6D
                                                                                                                                                                                                              SHA-512:85E3FBBDE3444D3E8304CA490A9A251D92AE575FE2A0B9A6DE9E86952D958ADF648C106C5DC929B3B2EE2D44114FAEE23635BD57AFEE54F9455FC6A5E642CE5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3287
                                                                                                                                                                                                              Entropy (8bit):7.891546537282907
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODRqVwJkvMG:bSDZ/I09Da01l+gmkyTt6Hk8nTUwCvMG
                                                                                                                                                                                                              MD5:A143CA61BD925BF5831EE74BDDDF1DA4
                                                                                                                                                                                                              SHA1:D0E822D6BACEA7F506481037176E04457D719DC5
                                                                                                                                                                                                              SHA-256:54B97C1D6C6F4D704D16C953FE100D4453FC5592FD9EF5AFB33260890FDB0618
                                                                                                                                                                                                              SHA-512:104544409128871B258B9623E942F07E37CF485C5A3EB3AF0EC8BC99E0D5C756D236F2F63BB267DACA87F6D2DCC0DE03F62C99AB73BC048A0660A80B87A3F308
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3410
                                                                                                                                                                                                              Entropy (8bit):7.894828125786389
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTBqBXTmTIDY:bSDS0tKg9E05TB
                                                                                                                                                                                                              MD5:E1A82CF04E37B212A2843D9967FC12C4
                                                                                                                                                                                                              SHA1:F096383C90B7C3A8A397671A2E96F81C2958FB0B
                                                                                                                                                                                                              SHA-256:B866837AB746FAFF5D2C6201A270CECC14D7A57A311ABE5AEA4D32C7E02A1CA8
                                                                                                                                                                                                              SHA-512:965FD8C91B4FFE9D0FEFF9FF416057C9651F05A34FCBCF7EB2B4B15F1B36C01C2DF2E169483BC545CDDBF8478ADCA89298E8A4EF7F344BF2AB7170D058C21AC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3371
                                                                                                                                                                                                              Entropy (8bit):7.896512358734088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTMdfMVRfAQNq:bSDS0tKg9E05TOfM3fNq
                                                                                                                                                                                                              MD5:148C71F4C4A537A1F286ED3F40D39ADB
                                                                                                                                                                                                              SHA1:9FFDA4FBE2C432191B94A7E71A0295899513AC41
                                                                                                                                                                                                              SHA-256:AF8F54A2730DE3323D559A0D0D4272598BA2F13865C2620152AA4E78037E2048
                                                                                                                                                                                                              SHA-512:8B6B397BEC1DA5EA85E04DB3C0C4E6EB4F9DC4EDC1760EF5FDC62B970182BE4F2E61C391038F71D9F89583CCAF4786EE9CE6039C0E595CCD783C86636750BCB2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3341
                                                                                                                                                                                                              Entropy (8bit):7.887714626414327
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nT2SDZ/I09Da01l+gmkyTt6Hk8nTno/AW0QE+H:T2SDS0tKg9E05TnoIy
                                                                                                                                                                                                              MD5:A66632B80FC122541E246BAD41A3E0EE
                                                                                                                                                                                                              SHA1:2BACE9CCC0D1E4BBDF578755718FB61E60190AB7
                                                                                                                                                                                                              SHA-256:8257229ACA8F9E1BA64A9D881A16817B216A429867E7FB9DF7D15915663B7E67
                                                                                                                                                                                                              SHA-512:0E2F088B7E681C5172548A57F5D175701F9873B8D56ADB06ED633A724AE94FA6E659D80A3A9BFC9FCDF59B311E6CB5A85513FE47DF33A2025073F95A88830BDF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3217
                                                                                                                                                                                                              Entropy (8bit):7.892286714994252
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTgQCZuEaGOo2:bSDS0tKg9E05TqZaGc
                                                                                                                                                                                                              MD5:DC3494FFF24914D9D2D021BD8D25D6DD
                                                                                                                                                                                                              SHA1:D291D3FFE012D546353FEAA032DE8F427B37C5A5
                                                                                                                                                                                                              SHA-256:974907293EC367914CDAE7AA701000790AC63F1AFE977E06F3A16D4DA37932A5
                                                                                                                                                                                                              SHA-512:2E8612ACCB12FB144C4C656C9664123A68311C115960DD9AA91CF344C6A7ED73C4574E916DD2FB4B56560C3897A39C128F280A5DA1182E0B48DF8A6FA41B8EC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3216
                                                                                                                                                                                                              Entropy (8bit):7.8906601217003995
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODhn1aYaZe3:bSDZ/I09Da01l+gmkyTt6Hk8nTJ11aZu
                                                                                                                                                                                                              MD5:29D046A3F81292EE314864085A63FF81
                                                                                                                                                                                                              SHA1:9B6B8A5E556B475E2E18CE6875D9561AF07DF37C
                                                                                                                                                                                                              SHA-256:B5B6674E9D6CA9441C93D1F14C1203C75DCD3F756C8AB990FB736EB8EA02D1AC
                                                                                                                                                                                                              SHA-512:93933BF98A7E2ADDE07218FF71339386A40D42C55CFDDFBAFB77C8720370999E5276007B1BF1D775D9EB0397A66A34776E081966A4FD0EBED59A1B0E086CC2B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3239
                                                                                                                                                                                                              Entropy (8bit):7.888643295675962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODCRALs03pS:bSDZ/I09Da01l+gmkyTt6Hk8nTdLNZi
                                                                                                                                                                                                              MD5:28FDADB259A8077E09F442CA8EE1FFE5
                                                                                                                                                                                                              SHA1:9F93FD60CFC263758E2893813FC2EBD2AC3BB352
                                                                                                                                                                                                              SHA-256:9B519A9E1A1B17921268F552120BEE46DCBBC0BAA8BD888524BE0F7278172F6A
                                                                                                                                                                                                              SHA-512:E5926D42E2C79DFE415132156CADE34830B98F81D359F8AF2272F7B0B723C93770AA40F4478545ED01F7C4D23B051700641E33F36ACDF8C7E4736B0BA0102F50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                              Entropy (8bit):7.7115682629611495
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7iMXQbYxUmLXrR83gsck25T8crr2vU3w9lFKms5QQjsa7mwetd2xJ+qjsq+Ka:BbYxUmLXd83RMBwl9g6wo5q/+Kdpi
                                                                                                                                                                                                              MD5:CE93245253E7D87992B0BA17501BCCCE
                                                                                                                                                                                                              SHA1:EB886BDAD9250A51E1DC7C3E46E34AEA684253D0
                                                                                                                                                                                                              SHA-256:CC355E7C9F6C28CA686489EC62307BDA4BBC580D7479794B9080F48E8D1B288D
                                                                                                                                                                                                              SHA-512:CB1FB5E8F26542D22194970CCCDF575780E0D29710576DA925E03A0140FCDB443A58A8CCC0F6993968F0FADFA69D2BC2CA708AA002565A24E5D0E68A7631E6AC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3352
                                                                                                                                                                                                              Entropy (8bit):7.8931164626831265
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD8T/BbqEhZ:bSDZ/I09Da01l+gmkyTt6Hk8nToqeGM
                                                                                                                                                                                                              MD5:3D5838DF2B73465BAE62A24C4227B8DA
                                                                                                                                                                                                              SHA1:6DBC88054A5CEBC0BD528965E232ECA12B7FF841
                                                                                                                                                                                                              SHA-256:910F08F5D49FE7D48E4C04E2A2872B67E5210A16AD10611D89D23009A58AE225
                                                                                                                                                                                                              SHA-512:D6DCE4ACE8CC5823A2E54265D9207C37D84A2D5F43B57E0EBE4BB08C2EC051F507730B46F0F5AD3B90E13DB6C7D4DB1946F0FD3A7B25A5EC14A92769CCB40772
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):969
                                                                                                                                                                                                              Entropy (8bit):7.762222484405286
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:H99+nx2odKpOu5EoaHoA4JtF7yq3W4T9bx+Z6JEGY:d8x2odKpOmZ6rStF75m4Txx+ZaEGY
                                                                                                                                                                                                              MD5:6CCA94CDF2EB6A5FF419733DF8E89C8B
                                                                                                                                                                                                              SHA1:9B53E137FE7C6FE398403EED10CBFEE303CC2A83
                                                                                                                                                                                                              SHA-256:5F424A3EE5FE6892ECB699ECC07D21A8749166FD5356E6AAFBF6564B0DD0B3F3
                                                                                                                                                                                                              SHA-512:C1D45F195837E4AD1BF78F1BF5A7C418734E69D4C477D807ED34B034E079B35127757E3F29B8725070C4C93063574155A031E88E50CDECA93FF1B6789E85D2ED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3432
                                                                                                                                                                                                              Entropy (8bit):7.890811683389906
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTix2NsDd3:bSDS0tKg9E05TiAgd3
                                                                                                                                                                                                              MD5:3326F38F67E138CD40DF3036A6309F63
                                                                                                                                                                                                              SHA1:8371BACE6C48FC5AF719000E91A627F6DC0CE3AC
                                                                                                                                                                                                              SHA-256:A86EB86BE5BA9BEEA0C3303447F4BAFFF2A8BD49AC2D245F3759C31DE52018FC
                                                                                                                                                                                                              SHA-512:672FD5BDD4753F3E8EB9A30B25E18EA7231DE7208C217E9D55F3A34A794B27626C290E581418229982DEDE7975D21C46E3E9B32F265BCAC8B2FBA56926B5C841
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):784
                                                                                                                                                                                                              Entropy (8bit):7.695743284796664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72rnSuDO0xkvVXUTDkIPr5vDeQNMV5PhSEbsqs9GaWzL6gsp2xkIoKzxV7:3SkO02dkTD3Pr5vEQI6L2+IoKF
                                                                                                                                                                                                              MD5:7D4CAAD7B62C2F69274E585D326D2A91
                                                                                                                                                                                                              SHA1:815175D8C54D86B622873FD152BDE7482B6B83D8
                                                                                                                                                                                                              SHA-256:8EF5C62F599935ED9448258366E2DCB209338870B902D803F20081494FE46E51
                                                                                                                                                                                                              SHA-512:5FB3D260220150F1461577287D5D273482207F4CDE362391FE81C643C113A598B440A413B35DDD6520DF55B2AB2C3EDB8A24B2EC2AD681FEAC6C382192A31789
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3248
                                                                                                                                                                                                              Entropy (8bit):7.891399431000833
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nT5c656Pp:bSDS0tKg9E05T5cy6B
                                                                                                                                                                                                              MD5:C9E37BF72E41F4266CD7BDC875EA61BE
                                                                                                                                                                                                              SHA1:5D808714D82BC227D2B2F973540B2374D3212367
                                                                                                                                                                                                              SHA-256:88CC5CFDD1B66EDC992A9A348634C641A49626EB06116C1247E349DF5089140B
                                                                                                                                                                                                              SHA-512:DBBAFEAC3A52A2F9CC2E69D7E95CF5D0EE6DEA12E42DA4C3DCB7FD1E754CF9B24D2D31309A529885537EB46C14342965C3AD184D606800773D2B481C94E74F7C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3056
                                                                                                                                                                                                              Entropy (8bit):7.8853902232584545
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Q/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD5d101/hu7:QSDZ/I09Da01l+gmkyTt6Hk8nT5Q1JVO
                                                                                                                                                                                                              MD5:AEF0A911384F19305EA555EE444D37BC
                                                                                                                                                                                                              SHA1:5EA082A01AF0E52F12EF89B0D675426C8608B581
                                                                                                                                                                                                              SHA-256:68AFC90D338327ABCAC854A19D8C81EB1F9AA4AE7BFB1F53DBBDE899B4FC9E64
                                                                                                                                                                                                              SHA-512:4A669417979F96D72D0E8CC930E48C3F30C4DE4797C525D21CFCBA5C4D02588C804BA30F03595949E8C4C61B67D712D67E96AA2095EE81AC9EE4F4AE03D1FB27
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4994
                                                                                                                                                                                                              Entropy (8bit):5.055953897720054
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:NHpNbWeC/ElNLI/Qdyc04k4bOoz+Vfh1+4FsXC8Y+b1Ska:NHrS5WNL6Td4k4bOog7+4FsSmpSt
                                                                                                                                                                                                              MD5:73B01090E40193CC727A5FDC58A87FB8
                                                                                                                                                                                                              SHA1:6E1A8174F945A280F7D56B3099206ADAF04D2532
                                                                                                                                                                                                              SHA-256:B60F9FB3F97751D5D05C32DC3F2A417BC086ADE2F7C229D2F95CCD574A8042A2
                                                                                                                                                                                                              SHA-512:C3851B64AE8D3A0BE72EF2ED3C5B700D379A5CCD9FAECBF7F6E5EBC2A80EDF73A38C6FC88F14672B1CD0FDB13DAE409EC0A00970E5946E05EA58B5D1A06E7C04
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");..@namespace html url("http://www.w3.org/1999/xhtml");..@namespace xbl url("http://www.mozilla.org/xbl");......#sim_main_menu_btn_id {.. list-style-image: url("chrome://sweetim-toolbar/skin/logo.png");..}....#sim_search_btn_id ..{.. list-style-image: url("chrome://sweetim-toolbar/skin/web-search-button-glass.png");.. -moz-appearance: none !important;.. -moz-box-orient: horizontal !important;.. /* color for FF 3.6 and later*/.. /*background: -moz-linear-gradient(top, red,yellow,yellow,orange) !important;*/.. background-image: url("chrome://sweetim-toolbar/skin/web-search-button-bg.png");.. -moz-border-radius: 4px;.. border-width: 1px !important;.. border-color: ThreeDShadow !important;.. border-style: solid;.. color: -moz-Text !important;.. font-weight: bold;.. margin-top: 2px !important;.. margin-bottom: 2px !important;.. padding-left: 4px !important;.. pa
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):869
                                                                                                                                                                                                              Entropy (8bit):7.724749684662738
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72uhawVsXDd8HrtpLae7I6TeRg7EGrhLADjCznC9c9qtpMaPhvGklVV5KSChX:6aZXAr+jQUg4GrhLUjCLC9lP4G5KS8X
                                                                                                                                                                                                              MD5:920D3D7C15F7AB6E00F2A8C3593CA86C
                                                                                                                                                                                                              SHA1:74147628E2FCF44B2AF427A67DBE6278E8784416
                                                                                                                                                                                                              SHA-256:8D53BA3EF30AA548B8B5870EBF264863AB28BFB28BA0338337EA81FB10E931D0
                                                                                                                                                                                                              SHA-512:6108CE806BA0210A00A8250EBA0A74AAF9934F000C1EEC6E4750068A46EF4447D275C0A89053933B4E3ACE6529F5425D7F0ABBD7F8C2DDE4961A5FA32E9C0F88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):976
                                                                                                                                                                                                              Entropy (8bit):2.7857896514822174
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhP0ul0+wP6fn7FmT/2NA39NF3wKuNR431pXp:6v/7RyP6n7FmqC9/3luNR61T
                                                                                                                                                                                                              MD5:B1E5876DB65289C13C4977F89810E8A3
                                                                                                                                                                                                              SHA1:1060397CE54CD3F14D37263D0BB87A502F18F300
                                                                                                                                                                                                              SHA-256:F238F4D203FC49E5F80F63F98937F0D599CEFC6C8DE8318F08592BCD88B21D18
                                                                                                                                                                                                              SHA-512:B0247636B355B68576AAE88179D3D5A8B8507203D714DC4284748C98C21F9082A0C04CD6B9333699ADE661BEE58EFB2F554FB9004D4876E2BF6659749E07B1B6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):981
                                                                                                                                                                                                              Entropy (8bit):2.888407959176497
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7RIy6QksPeAbLJ7G9vcC37KT1ZlyT7NV:dyxAAHJgEO7KbwTRV
                                                                                                                                                                                                              MD5:496F02D84BDCBF2EEF447CA153D1896D
                                                                                                                                                                                                              SHA1:9500DF7258DD9112C24D54772D550E26739EC2A5
                                                                                                                                                                                                              SHA-256:04FD558E122BDD2E2D40AE2BCBB82FAE73F5C9BCB19DED56BDD6C1DD39355B8F
                                                                                                                                                                                                              SHA-512:AA49E9FB7B6255E2EDB72754EFB62C08CA486378824DCF349305B625B9B7731321D12FED396833467A7B5AE231BAF2B5BBF400F51C9D5D72B0DEC2497EE4BB95
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):808
                                                                                                                                                                                                              Entropy (8bit):7.5250979472444355
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7fwb9aXjZ9t8epIzfIgZsZQc8PXbfTNKmJ6SXE8CBxkuDCfwwxxnXNWxUec:Db9azftTaIZQrbf4mJxXEJ4f3xnXL
                                                                                                                                                                                                              MD5:6863D0B8DD6CB1DAA8F024340EBEF2EC
                                                                                                                                                                                                              SHA1:153107E528C2531A48F3297171A94A6172F4B5D3
                                                                                                                                                                                                              SHA-256:AA79352FEDB4FC20672861188C1D241EFD5236937978EBA04878F6AF5732791F
                                                                                                                                                                                                              SHA-512:EBE4F11A56497EA51546EF581D84705298B0C54DDEF801B14CA754572545134C61C32D3A118A9BF45A68E09F0452D8D8F2F86BE32CB5CAC307B6042A791CA15E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3337
                                                                                                                                                                                                              Entropy (8bit):7.886640514351696
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTt/4E/TS:bSDS0tKg9E05T/S
                                                                                                                                                                                                              MD5:3E2E639063054CCB59DB68C2A9243AFB
                                                                                                                                                                                                              SHA1:FD9461012CFA0ABD8333645E6A55B87DC5AC6537
                                                                                                                                                                                                              SHA-256:5D79D48F3FC4EEEF3A8C46FEF30DF602BE257730F841B99BECE79F7D9356D7E6
                                                                                                                                                                                                              SHA-512:730CF2834D48BDDA697E580064DAE1060D057A9F39D33C8A632D790F7E0B3097DD70421E31C09D33A914E763CB1C39E2C75554D8F6B4EB11B45A8962E8FBBA37
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442
                                                                                                                                                                                                              Entropy (8bit):7.104637400753022
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/78f2s/6T6is1kJ4nnQmCOZBw4r9Ah/kmZscG2E3d:Z2s/6WR1KcnQcF9csmGF3d
                                                                                                                                                                                                              MD5:F64113435D357717C72EBF0E86B317E6
                                                                                                                                                                                                              SHA1:85CA037F08378619D4322A7F4EDBB5FC55AEFC5E
                                                                                                                                                                                                              SHA-256:A3DB26273631B16D9F68100C2C8B9096C899B320AE2C3EE787D31D6DBC0826E9
                                                                                                                                                                                                              SHA-512:F7B60E594EFFDD05E84C8583F205A32BFB87BB4CB084F0B49FDEAF5797B4128AA4B2D72A7FB1FB4FC112CAFF1958C1632E19ED658C564727656604746BECF616
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9648
                                                                                                                                                                                                              Entropy (8bit):4.9386302416157895
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:BJYDxEranuKJKKgbK7dAKyK+i2vRJx7fhhg9pJt1dR0M5:BJegKkKgbK76KyKQJxlhq5
                                                                                                                                                                                                              MD5:C646B5F72E465DD579A4485EBD5518E5
                                                                                                                                                                                                              SHA1:0696375F062FCED5BBB07146D3B21B319B19E862
                                                                                                                                                                                                              SHA-256:9413FD6BF893C926EB6D6908E494A1BB710EA8A9CEA355011D5E3C4249D63F32
                                                                                                                                                                                                              SHA-512:6E1C68587441512974EE6B2654FB05D59D571343234B0EDC3069AD7A5E3D96DEB4751BB18881C799CEE9121D14BB98E95694AB81D849C7D86042F09023153CAB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// original file:..// "How to implement custom autocomplete search component"..// http://developer.mozilla.org/en/docs/How_to_implement_custom_autocomplete_search_component....// logs an exception..function logException(e)..{.. var message;.. message = "Exception:";.. .. if (e.name).. message += ", name=" + e.name;.. if (e.message).. message += ", message=" + e.message;.. if (e.number).. message += ", number=" + e.number;.. if (e.lineNumber).. message += ", lineNumber=" + e.lineNumber;.. if (e.stack).. message += ", stack=" + e.stack; .. .. if (!e.message).. message += ", full=" + e.toString();.. // dump(message);..}....// load external JS files...// the component is loaded in different namespace than browser..// (e.g. "gBrowser" is not defined here), so we _dont_ need to explictly load it in..// a dedicated namespace object, as done in main.js..var loader = null;..try{.. loader = Components.classes["@mozi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1630
                                                                                                                                                                                                              Entropy (8bit):5.50969037695185
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:kYH7siLPNKP4p9LN4peoVAHd7wORaN008mZ863VA:bHfDQelSOMNH8Ue
                                                                                                                                                                                                              MD5:C2DD6535605B8AECA43BCBF777F96262
                                                                                                                                                                                                              SHA1:1A037398321F63475887809CD2E1A4A92036DC98
                                                                                                                                                                                                              SHA-256:C3541B4C8C083B134158D839BF5348204E02C48546FB88B4A9933506DE6B5DA3
                                                                                                                                                                                                              SHA-512:84A4B20FE3B354F33F0023F21BB264095F4CE16830D18A0FA24B967E9E974B9D57AA4135E97B6599053DFAB6CCAAB8681956FF2E590E9A9567FA5D3B8A22ECD8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#".. xmlns:em="http://www.mozilla.org/2004/em-rdf#">.... <Description about="urn:mozilla:install-manifest">.... Required Items -->.. <em:id>{EEE6C361-6118-11DC-9C72-001320C79847}</em:id>.. <em:name>SweetIM Toolbar for Firefox</em:name>.. <em:version>1.3.0.1</em:version>..... Firefox -->.. <em:targetApplication>.. <Description>.. <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>.. <em:minVersion>2.0.0.0</em:minVersion>.. <em:maxVersion>7.0.*</em:maxVersion>.. </Description>.. </em:targetApplication>.... Optional Items -->.. <em:creator>SweetIM Technologies LTD.</em:creator>.. <em:description>all about fun</em:description>.. <em:iconURL>chrome://sweetim-toolbar/skin/logo_32x32.png</em:iconURL>.. <em:homepageURL>http://www.sweetim.com</em:homepa
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:Macromedia Flash data (compressed), version 9
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):45328
                                                                                                                                                                                                              Entropy (8bit):7.993429163936794
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:768:i8qetPOl0k7K21COqKuiH6AFyFR7OikC1kr0C3SW+c4eUahZ9mHg2:iGkjK21C/KdaAFyvOb063UaJmHN
                                                                                                                                                                                                              MD5:082CEE2F16A62D4642711F1EEA0BDF76
                                                                                                                                                                                                              SHA1:D82B1B952F378B9B022D7071C44B2433CA045AB3
                                                                                                                                                                                                              SHA-256:353BF8B47EB53F4D9733F0503A7E44B58BB9B7943AE7B9F8F0FBB2D71C95DF75
                                                                                                                                                                                                              SHA-512:A8856AFCE96DFE5C4EB1833504FF51F0007FD554DF53D6E79168634E7EB986AC9E449D348DEEF641F3AD0D5AA9532022389CE41068AC7A08D4375E5618D7A996
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):542036
                                                                                                                                                                                                              Entropy (8bit):6.56751373563397
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:Jaxeh07OAImJjRrJQ6XEaEubw1BhkqKLc7GM4StJ1mGB5tnmZS9rXOYqgi3nm4BL:JyJ1ua1bw1gqKLc6etJ1m0pXLqJ7V/T
                                                                                                                                                                                                              MD5:B637C198FA977E3FB44BE8B6563FA57D
                                                                                                                                                                                                              SHA1:07FE04B3990EF759551AC4FE5996EA1C7B9B122F
                                                                                                                                                                                                              SHA-256:91F1216D6CD6A0355A6D3B314366993FA531A285D91A6C1E14BF8505B0C7FA1A
                                                                                                                                                                                                              SHA-512:5CFF6DC1BC3FE3FC376A8028339C130F8317D6DA12962F57612925A95E7E4C0BB10022F3FE68DDC63BD5D8BC6A88D5A2B6763746144F23FC09D78FA9A2181CF3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Languages]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6187
                                                                                                                                                                                                              Entropy (8bit):4.969637598735067
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:VXoB2A2ul8/T3INLfRtMx76U0KOFWgVQMG2Uub0QAg80SbtEBapIx0KsLK3E0bT3:J0YT3wLfRA0v/tBAvCSEB90K
                                                                                                                                                                                                              MD5:26A9B54F250E00693773481B837E03CC
                                                                                                                                                                                                              SHA1:554A407BF23984026785430E3BBDFFDD1285BE06
                                                                                                                                                                                                              SHA-256:2A5EB805543B141D77CE7192C5F7E4E10FFB56DE0A5A66905C79298DFC5FFBD5
                                                                                                                                                                                                              SHA-512:A9F141F96F7BB498C4326CAB2E846CE0715830EC86B04A311CCB0C7F3EB6ADCC62EC1412CBD8D230B957CD923AB3A81AF34B40294297773395D53D8AA73F9073
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..[0x0409]..TITLE=Choose Setup Language..DESCRIPTION=Select the language for this installation from the choices below...REBOOTMESSAGE=The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later...ONUPGRADE=This setup will perform an upgrade of '%s'. Do you want to continue?..LATERVERSIONINSTALLED=A later version of '%s' is already installed on this machine. The setup cannot continue...OK=OK..Cancel=Cancel..Password=Password:..Install=Install..1100=Setup Initialization Error..1101=%s..1102=%s Setup is preparing the %s, which will guide you through the program setup process. Please wait...1103=Checking Operating System Version..1104=Checking Windows(R) Installer Version..1105=Configuring Windows Installer..1106=Configuring %s..1107=Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Rest
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Startup]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2683
                                                                                                                                                                                                              Entropy (8bit):5.4199870652330056
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HP3Y5z3vy0g9UWhXvCm6mJGCN6FTaRUTc2X4s:HPY1/tg9xhXvCm6wGCZUTcXs
                                                                                                                                                                                                              MD5:A33DA307C449C168CE22135BD2BDEF53
                                                                                                                                                                                                              SHA1:1B42519C3205908D8EE4E4B0750B21BD99AE57B8
                                                                                                                                                                                                              SHA-256:3E4C42F56E784FDEE149B21D3ABDF1A58704E1B1DBBF2D87B5060F700D91BF91
                                                                                                                                                                                                              SHA-512:73447F047865D2B8E31E0EAA2630F49B2182BE79A3B79A608DC1CE2A07E8324F722D92CF265CB530AF744A9632C8F04076DE6E83C357D6F342AB6752BDAD273E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Info]..Name=INTL..Version=1.00.000..DiskSpace=8000.;DiskSpace requirement in KB....[Startup]..CmdLine=/qn..SuppressWrongOS=N..ScriptDriven=0..ScriptVer=1.0.0.1..DotNetOptionalInstallIfSilent=N..OnUpgrade=0..RequireExactLangMatch=0404,0804..Product=SweetIM for Messenger 3.6..PackageName=SweetIMSetup.msi..EnableLangDlg=N..LogResults=N..UI=1000..DoMaintenance=N..ProductCode={A81A974F-8A22-43E6-9243-5198FF758DA1}..ProductVersion=3.6.0002..LauncherName=SweetIMSetup.exe..PackageCode={88655337-61D8-45FF-9B01-BB29C2AAFDE6}....[MsiVersion]..2.0.2600.0=SupportOS....[SupportOSMsi11] ;Supported platforms for MSI 1.1..Win95=1..Win98=1..WinNT4SP3=1....[SupportOSMsi12] ;Supported platforms for MSI 1.2..Win95=1..Win98=1..WinME=1..WinNT4SP3=1....[SupportOS] ;Supported platforms for MSI 2.0..Win95=1..Win98=1..WinME=1..WinNT4SP6=1..Win2K=1....[SupportOSMsi30] ;Supported platforms for MSI 3.0..Win2KSP3=1..WinXP=1..Win2003Server=1....[Win95]..MajorVer=4..MinorVer=0..MinorVerMax=1..BuildNo=950..PlatformId=
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, ICQ, Subject: SweetIM for Messenger 3.6, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Mon Aug 1 15:43:36 2011, Create Time/Date: Mon Aug 1 15:43:36 2011, Last Printed: Mon Aug 1 15:43:36 2011, Revision Number: {88655337-61D8-45FF-9B01-BB29C2AAFDE6}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3552768
                                                                                                                                                                                                              Entropy (8bit):7.4010672025598465
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:FYyGQnzszN2qXKdtDCSWBXM0BXEhUQM5V3kS8HqSd:SQnzszN2qUONXjAUQMXkZK
                                                                                                                                                                                                              MD5:54D2F6EC72B0A9F8F85E07137F6D098A
                                                                                                                                                                                                              SHA1:5AC5FD5824446DFB7D7FDAE0ED1729D821B1DB73
                                                                                                                                                                                                              SHA-256:A03C61372030D38A2046666E840F25E460F6E3F25DE6583EC4E2FDB28227F484
                                                                                                                                                                                                              SHA-512:F838BEBBC3FDA7EBF93264208B0A89D69B58090509A912DE0F31EBB9E9250678B152FA0616D61B797C20AE582EACD9A8AAFD5BAE4BD0DC6AF54ECC69D46AB3AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11
                                                                                                                                                                                                              Entropy (8bit):3.0957952550009344
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Pivn:Kvn
                                                                                                                                                                                                              MD5:3FDD2635AA94921522AF8186F3C3D736
                                                                                                                                                                                                              SHA1:0FE63553E9F993C0CB2CB36B8CDCFBA4F4A2650D
                                                                                                                                                                                                              SHA-256:17AD78845C9C6A8E97A5BD14BE56700A51EE85867C979ED6CF538E1FED82CF7C
                                                                                                                                                                                                              SHA-512:EBDBEEFBDC777937FCE516A1CBD9AF7C305FC242091D695AD919A27C98FAC5B6B16B44130BDF97DBFD10561CCE701180B1FBB303D848944C3B33B8A3C058653A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Files]....
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):161276
                                                                                                                                                                                                              Entropy (8bit):7.920344044176985
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:KGhdZ7DFhE9hqry2Dhm/pmAKWeCPGpTYdJD36nol:zdDb6kwxDnPGpUdrl
                                                                                                                                                                                                              MD5:C6B21C46B2EBA0297A43ECD9E8E737DE
                                                                                                                                                                                                              SHA1:B2157B4134B6779854D27E9B6E5022BF801E3842
                                                                                                                                                                                                              SHA-256:75F9D007B627208EFAFFC926763C790E94B7FEEC46CAC7FFC676265A83316899
                                                                                                                                                                                                              SHA-512:754B33A9A57DD98369EF4FAB3EFF2E29E231D885CD06C6412E1B5910196FFEDC4493117088C1D8984E6983090BFD68DE2CF60D7AD9D40EC0BBFF940F33BD5310
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):393016
                                                                                                                                                                                                              Entropy (8bit):6.826407049982154
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:DRU2DRRGOQ0ebQfMLkunuhoZ3Uq922DcNUzhqlxm+OCS6Cguh4s10px6fu0xQgg9:m2DRRGf0eUfMQoZZhZmxm+OGLu+s6pYm
                                                                                                                                                                                                              MD5:8A4AF3B0695F29186AD02E2FD766FA3B
                                                                                                                                                                                                              SHA1:C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C
                                                                                                                                                                                                              SHA-256:346F692DB61B1355DF431F58F0A9C4C6ED7BDF0C9AD3E2CAD42E0B3920EA44C6
                                                                                                                                                                                                              SHA-512:3C94CD08C21BCCFE66AA7C813C86F8A11672C0472DABFD12B699BB01B55741903CA73C8385F531DD2733EC70CAEE0AF3040C6B84F09F5B5E981BA12026CBB4CD
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3547), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3915
                                                                                                                                                                                                              Entropy (8bit):4.5039484079313326
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:65Vc7FggKebtnL/6q0P7ETojlQXdMdnL2DD:6nc7VKStnT6DxhSDD
                                                                                                                                                                                                              MD5:EF691DD0310399372EAD6FACEEDBE1BB
                                                                                                                                                                                                              SHA1:4F1FA12B9751F78D8B3BF648AEB72C8AC2AB069D
                                                                                                                                                                                                              SHA-256:75E16E17C0299FD6BA42BB0BA8C8AA465634D6395C8DBAEC6E97066468C22AC1
                                                                                                                                                                                                              SHA-512:370EB8D795AB0B676D45602D8750193D795CF455C5492062B6475579EC52BA817A4138A51829EDF028E52DAA216B63B93A7FEDABB552907E0BA0C8A15AFD2A4E
                                                                                                                                                                                                              Malicious:false
Preview:<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">...<ShortName>SweetIM Search</ShortName>...<Description>Use SweetIM to search the Web.</Description>...<InputEncoding>UTF-8</InputEncoding>..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):65840
                                                                                                                                                                                                              Entropy (8bit):6.591447120361006
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:ZMBHI7P9tsUuT4lPpdJEy+e9/7AzMEyl55tgoxEo4N:ZMBHILjsXUl6yfEylvt7M
                                                                                                                                                                                                              MD5:8E11C6FCF30B1DC4C7069144B80C2709
                                                                                                                                                                                                              SHA1:796237843D9E6D1BFFA63A3DECE935746F66829A
                                                                                                                                                                                                              SHA-256:540F67373141A90AEA561B17C053B3491AC381CD8897CAE24C3C9B3D876E1E45
                                                                                                                                                                                                              SHA-512:50B73492668ABFF39A00DA3C8A3876C5FC1C9889CFE7571D833651713F773AF8610681273CAB0991660CA02695F2F2ECD8C7D33AE2DA2D375B898252062F6446
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):393016
                                                                                                                                                                                                              Entropy (8bit):6.826407049982154
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:DRU2DRRGOQ0ebQfMLkunuhoZ3Uq922DcNUzhqlxm+OCS6Cguh4s10px6fu0xQgg9:m2DRRGf0eUfMQoZZhZmxm+OGLu+s6pYm
                                                                                                                                                                                                              MD5:8A4AF3B0695F29186AD02E2FD766FA3B
                                                                                                                                                                                                              SHA1:C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C
                                                                                                                                                                                                              SHA-256:346F692DB61B1355DF431F58F0A9C4C6ED7BDF0C9AD3E2CAD42E0B3920EA44C6
                                                                                                                                                                                                              SHA-512:3C94CD08C21BCCFE66AA7C813C86F8A11672C0472DABFD12B699BB01B55741903CA73C8385F531DD2733EC70CAEE0AF3040C6B84F09F5B5E981BA12026CBB4CD
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Languages]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6187
                                                                                                                                                                                                              Entropy (8bit):4.969637598735067
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:VXoB2A2ul8/T3INLfRtMx76U0KOFWgVQMG2Uub0QAg80SbtEBapIx0KsLK3E0bT3:J0YT3wLfRA0v/tBAvCSEB90K
                                                                                                                                                                                                              MD5:26A9B54F250E00693773481B837E03CC
                                                                                                                                                                                                              SHA1:554A407BF23984026785430E3BBDFFDD1285BE06
                                                                                                                                                                                                              SHA-256:2A5EB805543B141D77CE7192C5F7E4E10FFB56DE0A5A66905C79298DFC5FFBD5
                                                                                                                                                                                                              SHA-512:A9F141F96F7BB498C4326CAB2E846CE0715830EC86B04A311CCB0C7F3EB6ADCC62EC1412CBD8D230B957CD923AB3A81AF34B40294297773395D53D8AA73F9073
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..[0x0409]..TITLE=Choose Setup Language..DESCRIPTION=Select the language for this installation from the choices below...REBOOTMESSAGE=The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later...ONUPGRADE=This setup will perform an upgrade of '%s'. Do you want to continue?..LATERVERSIONINSTALLED=A later version of '%s' is already installed on this machine. The setup cannot continue...OK=OK..Cancel=Cancel..Password=Password:..Install=Install..1100=Setup Initialization Error..1101=%s..1102=%s Setup is preparing the %s, which will guide you through the program setup process. Please wait...1103=Checking Operating System Version..1104=Checking Windows(R) Installer Version..1105=Configuring Windows Installer..1106=Configuring %s..1107=Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Rest
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Startup]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2696
                                                                                                                                                                                                              Entropy (8bit):5.408867080976921
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HP3i5z+zoUOVUWhXvCm6mJGCN6FTaRUTc2Xw0:HPi1+zoUOVxhXvCm6wGCZUTcP0
                                                                                                                                                                                                              MD5:B01A2E1F9F46A840E2853D9EC3D8DA8E
                                                                                                                                                                                                              SHA1:55A7B7D8073D215B50D2FF33E9FEA477BF779E2F
                                                                                                                                                                                                              SHA-256:4AE9D1253C31835D75A634EDB70F49B590CE8C3362AFE5392AF71CFA116D9734
                                                                                                                                                                                                              SHA-512:E96A1EB67F4A32CFF2BDC7A96C1FA6277C9FD6A334E3B60D92FD74D2D65BD34BB824688300D447576DC570EE26E17CC3CAA7F7AF8710CB145AEC71C668AA9C34
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Info]..Name=INTL..Version=1.00.000..DiskSpace=8000.;DiskSpace requirement in KB....[Startup]..CmdLine=..SuppressWrongOS=N..ScriptDriven=0..ScriptVer=1.0.0.1..DotNetOptionalInstallIfSilent=N..OnUpgrade=0..RequireExactLangMatch=0404,0804..Product=SweetIM Toolbar for Internet Explorer 4.2..PackageName=SweetIESetup.msi..EnableLangDlg=N..LogResults=N..UI=1000..DoMaintenance=N..ProductCode={A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}..ProductVersion=4.2.0004..LauncherName=SweetIESetup.exe..PackageCode={F44840C4-6708-42BA-807E-138D61C83EB9}....[MsiVersion]..2.0.2600.0=SupportOS....[SupportOSMsi11] ;Supported platforms for MSI 1.1..Win95=1..Win98=1..WinNT4SP3=1....[SupportOSMsi12] ;Supported platforms for MSI 1.2..Win95=1..Win98=1..WinME=1..WinNT4SP3=1....[SupportOS] ;Supported platforms for MSI 2.0..Win95=1..Win98=1..WinME=1..WinNT4SP6=1..Win2K=1....[SupportOSMsi30] ;Supported platforms for MSI 3.0..Win2KSP3=1..WinXP=1..Win2003Server=1....[Win95]..MajorVer=4..MinorVer=0..MinorVerMax=1..BuildNo=950
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM Toolbar For Internet Explorer, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, AIM, SweetIE, SweetIM Toolbar For Internet Explorer, SweetIM Toolbar, SweetIM Toolbar For FireFox, Subject: SweetIM Toolbar for Internet Explorer 4.0, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Thu Sep 22 19:26:45 2011, Create Time/Date: Thu Sep 22 19:26:45 2011, Last Printed: Thu Sep 22 19:26:45 2011, Revision Number: {F44840C4-6708-42BA-807E-138D61C83EB9}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3027968
                                                                                                                                                                                                              Entropy (8bit):7.344776703975813
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:AWRYyZU3zs91c3fvDas3AgA7Rru1ZQxsxUx4x9rsyPJtAPAGuvwDju00/W6d:dYyZ4oVaAQ1yyUax9rsyPnAbcwPu00/B
                                                                                                                                                                                                              MD5:0FD2EF6954C43CE4D2C1E93825355AFB
                                                                                                                                                                                                              SHA1:981D1C9A6F54053EE736688F562D1C859D9EEE66
                                                                                                                                                                                                              SHA-256:2905553661E5BC69797337318D0DD0A7173A5191C6A7968FB89AB9F0F668D269
                                                                                                                                                                                                              SHA-512:B883393FDF11F4D4370C4E16B7FCC0ED557C5094420E47CFA1D0B3E2FEA0D7CE6B83953FC1197DA306318C807724C1F4A27B93231D53DDBE299607311FE35D7B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11
                                                                                                                                                                                                              Entropy (8bit):3.0957952550009344
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Pivn:Kvn
                                                                                                                                                                                                              MD5:3FDD2635AA94921522AF8186F3C3D736
                                                                                                                                                                                                              SHA1:0FE63553E9F993C0CB2CB36B8CDCFBA4F4A2650D
                                                                                                                                                                                                              SHA-256:17AD78845C9C6A8E97A5BD14BE56700A51EE85867C979ED6CF538E1FED82CF7C
                                                                                                                                                                                                              SHA-512:EBDBEEFBDC777937FCE516A1CBD9AF7C305FC242091D695AD919A27C98FAC5B6B16B44130BDF97DBFD10561CCE701180B1FBB303D848944C3B33B8A3C058653A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Files]....
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Startup]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2683
                                                                                                                                                                                                              Entropy (8bit):5.4199870652330056
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HP3Y5z3vy0g9UWhXvCm6mJGCN6FTaRUTc2X4s:HPY1/tg9xhXvCm6wGCZUTcXs
                                                                                                                                                                                                              MD5:A33DA307C449C168CE22135BD2BDEF53
                                                                                                                                                                                                              SHA1:1B42519C3205908D8EE4E4B0750B21BD99AE57B8
                                                                                                                                                                                                              SHA-256:3E4C42F56E784FDEE149B21D3ABDF1A58704E1B1DBBF2D87B5060F700D91BF91
                                                                                                                                                                                                              SHA-512:73447F047865D2B8E31E0EAA2630F49B2182BE79A3B79A608DC1CE2A07E8324F722D92CF265CB530AF744A9632C8F04076DE6E83C357D6F342AB6752BDAD273E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Info]..Name=INTL..Version=1.00.000..DiskSpace=8000.;DiskSpace requirement in KB....[Startup]..CmdLine=/qn..SuppressWrongOS=N..ScriptDriven=0..ScriptVer=1.0.0.1..DotNetOptionalInstallIfSilent=N..OnUpgrade=0..RequireExactLangMatch=0404,0804..Product=SweetIM for Messenger 3.6..PackageName=SweetIMSetup.msi..EnableLangDlg=N..LogResults=N..UI=1000..DoMaintenance=N..ProductCode={A81A974F-8A22-43E6-9243-5198FF758DA1}..ProductVersion=3.6.0002..LauncherName=SweetIMSetup.exe..PackageCode={88655337-61D8-45FF-9B01-BB29C2AAFDE6}....[MsiVersion]..2.0.2600.0=SupportOS....[SupportOSMsi11] ;Supported platforms for MSI 1.1..Win95=1..Win98=1..WinNT4SP3=1....[SupportOSMsi12] ;Supported platforms for MSI 1.2..Win95=1..Win98=1..WinME=1..WinNT4SP3=1....[SupportOS] ;Supported platforms for MSI 2.0..Win95=1..Win98=1..WinME=1..WinNT4SP6=1..Win2K=1....[SupportOSMsi30] ;Supported platforms for MSI 3.0..Win2KSP3=1..WinXP=1..Win2003Server=1....[Win95]..MajorVer=4..MinorVer=0..MinorVerMax=1..BuildNo=950..PlatformId=
                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              File Type:Generic INItialization configuration [Startup]
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2696
                                                                                                                                                                                                              Entropy (8bit):5.408867080976921
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:HP3i5z+zoUOVUWhXvCm6mJGCN6FTaRUTc2Xw0:HPi1+zoUOVxhXvCm6wGCZUTcP0
                                                                                                                                                                                                              MD5:B01A2E1F9F46A840E2853D9EC3D8DA8E
                                                                                                                                                                                                              SHA1:55A7B7D8073D215B50D2FF33E9FEA477BF779E2F
                                                                                                                                                                                                              SHA-256:4AE9D1253C31835D75A634EDB70F49B590CE8C3362AFE5392AF71CFA116D9734
                                                                                                                                                                                                              SHA-512:E96A1EB67F4A32CFF2BDC7A96C1FA6277C9FD6A334E3B60D92FD74D2D65BD34BB824688300D447576DC570EE26E17CC3CAA7F7AF8710CB145AEC71C668AA9C34
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[Info]..Name=INTL..Version=1.00.000..DiskSpace=8000.;DiskSpace requirement in KB....[Startup]..CmdLine=..SuppressWrongOS=N..ScriptDriven=0..ScriptVer=1.0.0.1..DotNetOptionalInstallIfSilent=N..OnUpgrade=0..RequireExactLangMatch=0404,0804..Product=SweetIM Toolbar for Internet Explorer 4.2..PackageName=SweetIESetup.msi..EnableLangDlg=N..LogResults=N..UI=1000..DoMaintenance=N..ProductCode={A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}..ProductVersion=4.2.0004..LauncherName=SweetIESetup.exe..PackageCode={F44840C4-6708-42BA-807E-138D61C83EB9}....[MsiVersion]..2.0.2600.0=SupportOS....[SupportOSMsi11] ;Supported platforms for MSI 1.1..Win95=1..Win98=1..WinNT4SP3=1....[SupportOSMsi12] ;Supported platforms for MSI 1.2..Win95=1..Win98=1..WinME=1..WinNT4SP3=1....[SupportOS] ;Supported platforms for MSI 2.0..Win95=1..Win98=1..WinME=1..WinNT4SP6=1..Win2K=1....[SupportOSMsi30] ;Supported platforms for MSI 3.0..Win2KSP3=1..WinXP=1..Win2003Server=1....[Win95]..MajorVer=4..MinorVer=0..MinorVerMax=1..BuildNo=950
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13547
                                                                                                                                                                                                              Entropy (8bit):5.600589013116383
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9ycDu2ADT0g95uCs/GJVzbix/urF8g1YDLbax6kTTLSh:93C2A30g95js/GJFk2N1YDLb+l+
                                                                                                                                                                                                              MD5:810FA593D44397BD13FEB001B684EAE2
                                                                                                                                                                                                              SHA1:8223EFAA0D30A289A20B864CA1FC622852AB8201
                                                                                                                                                                                                              SHA-256:35A08311303FA255B0A9793F438C1229FF9DF946E759D52646093727007DD82E
                                                                                                                                                                                                              SHA-512:42008E31A4370D4A94B3F6FA0CF985341EE9E12D850AD06EC7379B6A71814F094F76075894A486756A3BC0B21F4FD54B6710813CE0A8ABC2612CF2B0685107BE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Manifest-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT...Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: CNsMWcvyVJA/R2OJD6jx7A==.SHA1-Digest: CQFIbsAHoE930lqhuKYzr0G75EY=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: cM97qpn/6M3P29jecDGsCQ==.SHA1-Digest: HGRfWAVRf6I1fjqtqjZlUY7bcvs=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: IzUsJtYOU3KF6RykwlY6lA==.SHA1-Digest: XjsqnQzlqCFErToou6kmfniWJFE=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZK/MV+wuXVbLbSGv6ayLog==.SHA1-Digest: 0HFQT6/U9YtyFnqydQ3XPVRX/bM=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZX2m/MJXYRHfOXcj/QPKWQ==.SHA1-Digest: 7MjtzoexiMvSnp6aGpMF/6HcHGQ=..Name: chrome/sweetim-toolbar/content/config.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: p
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13655
                                                                                                                                                                                                              Entropy (8bit):5.6040651112820905
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:WkA5g0iCoVcI/jdhBJNmDm+lP/eBSjSesuBVyOK6+ZEb5Mw7T4+sKr8tTciJcoC9:P37LBJNmDfB/eBSjnsLKwzF8J2M1
                                                                                                                                                                                                              MD5:59EC97C3D819001C0A897B38A7624473
                                                                                                                                                                                                              SHA1:D535037A3EC3601C7307EADFCD0AFE52747FB830
                                                                                                                                                                                                              SHA-256:13D9271BA7EBBE28508A4EBFCD6775BC1DD3459C5A9D4D8C1CF7F79E7323DDA8
                                                                                                                                                                                                              SHA-512:21A80FDA8D9F3B8EF957F94B7F4F429CD8D37637490DFB3D1C4E941D3F9DE59835162D7DE7C992C1B57B3AB0064655AA19E44AA93D30C3308413D87BBD03E1BA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Signature-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT..Digest-Algorithms: MD5 SHA1.MD5-Digest: f2XP9lsoHe04PBOvuFXL5g==.SHA1-Digest: 8RHZ0uUrxScBNJtHgI/t7stA9yA=..Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: w8i3Rt3DxPL6b05cKNpsPw==.SHA1-Digest: 3odNPduNL9VoljP4mprIcpgF4zc=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: 2YvLgsIg6k332XHkG6KEFA==.SHA1-Digest: ZvTVKYjibgcpdMsLQbe+A93OY1M=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: 1pyJGkn2pnE1+gMPhWrmww==.SHA1-Digest: 1uXwwQEdM+fCinL2psHcZId2oMc=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: lOla/YC5L6pzcewNgLywJw==.SHA1-Digest: vPI+B5kuDtUVY4PRGNE0z84Fnl0=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: AK1Es9lxyQoNYOJwLNf3SA==.SHA1-Digest: RUAGcms4e0
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                              Entropy (8bit):4.884991274360526
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:4yp61ZTeXK17sZSaK1vZW29F1211e71KwobrZ19M91Z+1WEA61nlHKgs0KIk1kv9:47uXKRVlFYq5c1bQCIaPKgsBI191IIv
                                                                                                                                                                                                              MD5:BE04EC8D2EC3BAE591464CD1B717CA38
                                                                                                                                                                                                              SHA1:91920930B8512885B18B76B94DFE74401B95D299
                                                                                                                                                                                                              SHA-256:011A1E4C9C00DE7D49EF66FFF9A0F28AB3BFEDA738CCCE95A046B6B0B6255FA8
                                                                                                                                                                                                              SHA-512:7B026AE4564DAEFB3AEA64351ADF9AA23FAD571DFA4B08AA1700BBE20DA586D33F170B8CB29609F10D07B3828B47F5F0D443300C2501EBA58E9C2A328976BEA2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:content sweetim-toolbar chrome/sweetim-toolbar/content/..locale sweetim-toolbar de-DE chrome/sweetim-toolbar/locale/de-DE/..locale sweetim-toolbar en-US chrome/sweetim-toolbar/locale/en-US/..locale sweetim-toolbar es-ES chrome/sweetim-toolbar/locale/es-ES/..locale sweetim-toolbar fr-FR chrome/sweetim-toolbar/locale/fr-FR/..locale sweetim-toolbar it-IT chrome/sweetim-toolbar/locale/it-IT/..locale sweetim-toolbar nl-NL chrome/sweetim-toolbar/locale/nl-NL/..overlay chrome://browser/content/browser.xul chrome://sweetim-toolbar/content/sweetim-toolbar.xul..skin sweetim-toolbar classic/1.0 chrome/sweetim-toolbar/skin/....# from gecko 2 (FF 4), we need to explicitly register components..# auto complete component:..component {EEE6C362-6118-11DC-9C72-001320C79847} components/SIMAutoCompleteSearch.js..contract @mozilla.org/autocomplete/search;1?name=sweetim-autocomplete {EEE6C362-6118-11DC-9C72-001320C79847}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4131
                                                                                                                                                                                                              Entropy (8bit):4.625588950617717
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:742dJHodJ1k18XJxrWQMJzfZJTnJs4Gocs/vT8udODZiQrOQJy5JCZnRkg6ARkAp:z8hu8LCC4Gob78BBCg9ChK
                                                                                                                                                                                                              MD5:08DB0C59CBF254903F4763890FA8F1EC
                                                                                                                                                                                                              SHA1:0901486EC007A04F77D25AA1B8A633AF41BBE446
                                                                                                                                                                                                              SHA-256:7A84952782D85681375BF0EEF6E0861B81DAF6AC6230E86082E49BC6FB49B2F8
                                                                                                                                                                                                              SHA-512:D738192F28BE485E860CA632D60BC92D0C07D881AA0AE5F39E986F60D8870B0B6D62612A0A27D464BB1E5A2B3A5930F13EBBEE6B1E37DD71887833F190E975AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// "AddonListener" was introduced in Gecko 2 (FF4)....var g_sim_AddonListener = {.. onEnabling: function (addon, needsRestart) {.. //dump("\n XXX onEnabling \n");.. },.. onEnabled: function (addon) {.. //dump("\n XXX onEnabled \n");.. },.. onDisabling: function (addon, needsRestart) {.. //dump("\n XXX onDisabling \n");.. },.. onDisabled: function (addon) {.. //dump("\n XXX onDisabled \n");.. },.. onInstalling: function (addon, needsRestart) {.. //dump("\n XXX onInstalling \n");.. },.. onInstalled: function (addon) {.. //dump("\n XXX onInstalled \n");.. },.. onUninstalling: function (addon, needsRestart) {.. //dump("\n XXX onUninstalling \n");.. try {.. logEnter();.. if (addon.id == g_SWEETIM_EXTENSION_UUID) {.. sim_g_SIMUninstallData = simOnUninstallConfirmedByUser();.... // since we cant receive "onUninstalled" event, we continue the un-i
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3052
                                                                                                                                                                                                              Entropy (8bit):4.531395341231766
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:VUNczcsspPiyV1Db+mCOZODrZX05IcNY2Wa+l1A:nAB0OgDVAINN11A
                                                                                                                                                                                                              MD5:70CF7BAA99FFE8CDCFDBD8DE7031AC09
                                                                                                                                                                                                              SHA1:1C645F5805517FA2357E3AADAA3665518EDB72FB
                                                                                                                                                                                                              SHA-256:113EEF2B585C045A77C0253B0201FFBC970A4CAF3033D38627D45C90939378CE
                                                                                                                                                                                                              SHA-512:B613B1F8FEFCF0FC8AB6C02D00E0141D988EC5F95B05030CE5FF97E1C6C889AC48090AE3DAE8883551EBCB56110E828549C0B854EF2AAB8D6CFC81A2B546E1C7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// wrapper for addons manager data...// for FF4 and later we use "AddonManager.jsm" (introduced only on Gecko 2, FF4)..// for FF3 and before, we use "extensions/manager;1"......// globals, used for getting version in FF4..var sim_g_addon_version = null;..var sim_g_addon_name = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.... logEnter();.... if (sim_g_event != null) {.. // step 1.. // set global value.. sim_g_addon_version = addon.version;.. sim_g_addon_name = addon.name;.... // step 2.. // set evant.. sim_g_event.value = true;.. } else {.. logSevere("sim_g_event is null, we got here too late or too early");.. }.. } catch (e) {.. logSevere2(e);.. }..}....function SIMAddonDetails() {.. this._version = null;.. this._name = null;..}....// gets the addon details, in a way relevent to FF version,..// and puts result
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1519
                                                                                                                                                                                                              Entropy (8bit):4.410561293172547
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:8TX667LYXcAr/NHxq0+3GAQY7RR1tY2T6RtY86p9WRctqUyn:xJ7r/f5yLT6eCRcJyn
                                                                                                                                                                                                              MD5:23352C26D60E537285E91CA4C2563A94
                                                                                                                                                                                                              SHA1:5E3B2A9D0CE5A82144AD3A28BBA9267E78962451
                                                                                                                                                                                                              SHA-256:6BE86B7E71BEE837C855C48032E525677BA5071961D03FFD6D1676168A642142
                                                                                                                                                                                                              SHA-512:991CE985948A1CAEC21CB616F46138BD3A44D3EF08E02C34CA8EE5146BABDDAB62D37D4B873A8010D0B89599C431AC2810B6D6BA2BFEB7ADC8B443B6694DFC88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0"?>..<bindings id="SweetIMBindings".. xmlns="http://www.mozilla.org/xbl".. xmlns:html="http://www.w3.org/1999/xhtml".. xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul".. xmlns:xbl="http://www.mozilla.org/xbl">.... <binding id="sweetim-autocomplete-result-popup".. extends="chrome://global/content/bindings/autocomplete.xml#autocomplete-result-popup">.. .<implementation implements="nsIAutoCompletePopup">.....<property name="showCommentColumn".. onget="return this.mShowCommentColumn;">.. <setter>.. <![CDATA[.. var treecolValue = document.getElementById("treecolAutoCompleteValue");.. if (!val && this.mShowCommentColumn).. {.. treecolValue.setAttribute("flex", 1);.. this.removeColumn("treecolAutoCompleteComment");.. }.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13924
                                                                                                                                                                                                              Entropy (8bit):4.6059793934114515
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:iVftcobtdfWZDSH555lKQI8xkWaD5+BtidxccSqaF5hxtCGsRlVbF:iV15Jdb6+Bti31SqaF5vtC9lVbF
                                                                                                                                                                                                              MD5:64AFCC57EC2E5D56CB6D21AFE9AC8BA2
                                                                                                                                                                                                              SHA1:D071504FAFD4F58B72167AB2750DD73D5457FDB3
                                                                                                                                                                                                              SHA-256:F878C7FFAC03B2C60BA419E7F8D074AB9693D5C4CE6DC4C5B16B7077194279CA
                                                                                                                                                                                                              SHA-512:6C859A0EC91A688F1E07684F7EB9F20FAB7678B16DF7F2FC281C15BD3D47040C6FC2733F51C383128C8AC9C2C3085D7BC2B7ADDC8156054594FE8E9B386A8394
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simClearChevronMenu()..{.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. while (oMenu.firstChild).. {.. oMenu.removeChild(oMenu.firstChild);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simGetCountChevronMenu()..{.. var result = 0;.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. result = oMenu.childNodes.length;.. }.. catch(e).. {.. logSevere2(e);.. }.. return result;..}......// TODO move this functiosn to new "utils.js"..function simGetChildElementById(parent, id)..{.. for (var i=0; i<parent.childNodes.length; i++).. {.. if (parent.childNodes[i].id == id).. {.. return parent.childNodes[i];.. }.. }.. return null;..}......function simGetElemWidthForNotCollapsed(oElem)..{.. var width;.. .. if (oElem.hasAttribute('collapsed') && oElem.getAttribute('collapsed')).. {
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3720
                                                                                                                                                                                                              Entropy (8bit):4.732388643383319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:H8cFlhDSbeaUrYCp/zse1RLDvyjz985VH0UfkliWeVHV9xx2hMVNeVZENVvIsH:ccFlxSKaaDFm/98b6xeVtNbH
                                                                                                                                                                                                              MD5:657DA6FCC2576111DF397723FD03CA59
                                                                                                                                                                                                              SHA1:ECC8EDCE87B188CBD29E9E9A1A9305FFA1DC1C64
                                                                                                                                                                                                              SHA-256:93E512E98EFDE14499E6373115E2565ECAF4E26EF920BD039FEDC73768DEABD7
                                                                                                                                                                                                              SHA-512:BA284D75D27D520894BD8A3FB1728C3F198945738A8B3D759837CF2FEC7FAF24CD95653716DEC3E6FE309AE5040575B31CD97C67881C252D17DB988C475B1648
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// trying to be close to code in IE....function simParseAllVars(url)..{.. try.. {.. if (url.indexOf("%sim_search_combo")>=0).. {.. var searchTermsEncoded;.. searchTermsEncoded = simOnSearch();.. url = url.replace("%sim_search_combo", searchTermsEncoded);.. }.. if (url.indexOf("%domain")>=0).. {.. var domain = simGetSelectedTabHost();.. url = url.replace("%domain", domain);.. }.. if (url.indexOf("%toolbar_id")>=0).. {.. var appid = simGetConfigString("simapp_id");.. url = url.replace("%toolbar_id", appid);.. }.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return url;.. ..}....function simNavigateToURL(url)..{.. try.. {.. logEnter ();.. .. // parse vars.. url = simParseAllVars(url);.. .. // Set the browser window's location to the incoming URL.. window._content.docu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5896
                                                                                                                                                                                                              Entropy (8bit):4.541238924519937
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:XjE3geVhCa6rHUjwYOJY62Nod0qLdYNne4DLM5tYDUkeCalqN85q:zpeVhCa6rHU0YOJYv20jNeycegkZ9Uq
                                                                                                                                                                                                              MD5:A53978F00A102A62E01A3E43CB5EBDBE
                                                                                                                                                                                                              SHA1:E829F60DA3F8105C0D65F7EFE139C629468172C4
                                                                                                                                                                                                              SHA-256:C1B7491D50D19286166CD2511984736368315D4ABAE7C3B8E3836351543749A0
                                                                                                                                                                                                              SHA-512:9083FD8E4C4D8E4E9444EE1DCD99FFEFB9AD6E2DE6D5F68DE008DCEAE3CFFE510866B6E4C76AF17A04C51F8C15827225361C8F7916BECA40C8C5E243D4128268
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// local helper..function simGetPreferences()..{.. if (sim_g_iPreferences != null).. return sim_g_iPreferences;.. try .. {.. sim_g_iPreferences = kCC["@mozilla.org/preferences-service;1"].getService(kCI.nsIPrefService);.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return sim_g_iPreferences; ..}....// debug helper..function logBranch(branch)..{.. try .. {.. var count;.. var array = new Array();.. var obj = new Object();.. .. .. // see http://developer.mozilla.org/en/docs/nsIPrefBranch.. array = branch.getChildList("", obj);.. count = obj.value;.. .. for(var i=0; i<count; i++).. {.. logInfo("[item " +i+ " ]" + array[i]);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simDeleteBranch(name)..{.. var prefs;.. var branch;.. .. try.. {.. prefs = simGetPreferences();.. branch = prefs.getBran
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):16022
                                                                                                                                                                                                              Entropy (8bit):5.164579735638881
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:oJPA3ed6vyJNKMZEYZKK/bTE4tv/j95JM5JV7osxmS7TJLQwlKeMuuC2suizrf7:ePA3edmQNKMZEYZKK/bTE4tv/xMrVRm8
                                                                                                                                                                                                              MD5:2B4FD08FBBE235E21CB29060CE159459
                                                                                                                                                                                                              SHA1:B7FB723D552129FEEAAE7CCA46EDB18A54849C44
                                                                                                                                                                                                              SHA-256:148B0E27BC88BFB16BA9FA0B1963B5F3FB6FA14D4B971EDB3E85268386644B0B
                                                                                                                                                                                                              SHA-512:EC60097A623E9CEAE81AC0D819BABF4B48CFE277B7B6BD2B1625904AB897330DC31D67B850E77C2721159542B4F28EF5EE1DB5BB90144FE6F07D37E64014261E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:/*** Constants ***/..const SIM_BROWSERCOMP_MENU_ID = "id_browser_sim_content_menu";..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";....const BRW_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const BRW_NOTIFY_LOCATION = Components.interfaces.nsIWebProgress.NOTIFY_LOCATION;....const BRW_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const BRW_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;..const BRW_STATE_TRANSFERRING = Components.interfaces.nsIWebProgressListener.STATE_TRANSFERRING;..const BRW_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..../*** End Constants ***/..../*** Members ***/..var sim_mouseOut = true;..var sim_closeBubbleWindow = false;....//Listen to browser navigation, progress, netvork, security events..var sim_bubbleBrowserProgressListener = ..{...QueryInterface: function(aIID) {....var result = null;....if(aIID.equals(Components.interfaces.nsIWeb
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3711
                                                                                                                                                                                                              Entropy (8bit):4.586487379339707
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Vv7HHeL0tgDxRILL1BtH/N0kZp/V6bZ6+oCyhXHbgB1RulleK9s19j/h1OLXy:pIdE1BtZZSloL9sB1o/ZCj/rmXy
                                                                                                                                                                                                              MD5:089FBACD08F66ACB256605630CAEB58C
                                                                                                                                                                                                              SHA1:6A2156806CADD3144F4655F6D688DA27FE89EF73
                                                                                                                                                                                                              SHA-256:29C510DA7814E46549C31EAA84204B88CE3616343E1EC7535ED0EF2DF828A786
                                                                                                                                                                                                              SHA-512:CA32B03181E9D398B025F2E35BBCE0D64C2A086C1606EFAB97B1F6CDA4A4F29AA380403736A56F6F4DDBA778507F186BF579ACE3C148C510B43B40F663E5C34F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";..var sim_g_wndContentMenu = null;....function simPreventDefaultProcessing(event)..{...try...{....if (sim_g_wndContentMenu.simTargetWindow)....{.....event.preventDefault();.....event.stopPropagation();.....event.target.parentNode.open = false;....}...}...catch(e)...{....logSevere2(e);...}..}....function SIMPoint()..{.. this._x = 0;.. this._y = 0; ..}....function simComputeContentMenuLocation()..{.. var oPoint = null;.... // step 1.. // get button.. var oButton = simMyGetElementById(SIM_TOOLBAR_BUTTON_ID);.. if (oButton != null).. {.. // step 2.. // check if current tab is opened with addons manager.. var bAddonsManagerTab;.. bAddonsManagerTab = simIsCurrentTabOfAddonManager();.. if (bAddonsManagerTab){.. // !! we get here also for "empty" tab.. // we should hide the menu.. // this is done by caller, when he gets point as null.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8608
                                                                                                                                                                                                              Entropy (8bit):4.625604721501032
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:J8WDV0lxkzQMqZRCdvWyx5c+KQby7DwcsF8cm:T+4dY
                                                                                                                                                                                                              MD5:1F46872FF3A64F893C4E43C081D375C8
                                                                                                                                                                                                              SHA1:DC24DFE5A9FC509A78E57F0CB4516B646D98CD30
                                                                                                                                                                                                              SHA-256:BFF21988F70894E777229045F3B70D50659F084658CCC5424F534D175E2651E4
                                                                                                                                                                                                              SHA-512:79451B08E2695B19A6B09BB45AE291C5F3176FC582969498A946ADF6662D43A2A0380A87B3B3548BFB1E7471631F645C94C53ABBA766048CF74100B63003FB50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_COOKIE_NAME = "SIMAPPID";..const SIM_COOKIE_HOST = ".sweetim.com";......// In 1.9+ and later there is new param "httpOnly"..// to nsICookieManager2:add..function simGetIsGecko19OrLater()..{.. var isGecko19 = false;.. if (kCI.nsIXULAppInfo).. {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, "1.9") >= 0).. {.. isGecko19 = true;.. }.. }.. return isGecko19;..}....var sim_g_CookiesObserver = {....// members.._registered: false,....// method: observe..observe : function(subject, topic, data)..{.. try.. {.. if (topic == "cookie-changed").. {.. // see http://developer.mozilla.org/En/NsICookieService.. if(data == "cleared" || data == "deleted").. {.. var verify =
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                              Entropy (8bit):4.556954689157478
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:5YPwVFM/wVMMQq8EwK04sA1jFBAZFtJ5stxNYUXi5MIm4gz21icL:5YSFMCMMzZF04sSBqFtJ5stxN4Zm4gK/
                                                                                                                                                                                                              MD5:3A394379FE27CCBEE9FCACAD25A89624
                                                                                                                                                                                                              SHA1:9573282380AF9404FBE89F87E4A8AB2C8EA5A785
                                                                                                                                                                                                              SHA-256:8F87D2A1D2B63DCCED8AE3219A905A22129A5C9D05CCFE80123A1DFA8EAA4CC2
                                                                                                                                                                                                              SHA-512:7FD6A89AA8439F686222320E41F443CDD529662CC1B08D991BF41CC092C3971EDA0FA0B98E8AB6605F6F4D554A29694F061C05654435BA9590B5AE6BE6BD7D44
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:function getDomainNameFromURL(sURL) {.. sURL = sURL.replace("http://", "");.. sURL = sURL.replace("https://", "");.. var slash = sURL.indexOf("/");.. if (slash > 0) {.. sURL = sURL.substring(0, slash);.. }.. return sURL;..}....function getSecondLevelDomain(sURL) {.. var sDomain;.. var sSecondDomain = "";.. var arr;.. if (sURL != null) {.. sDomain = getDomainNameFromURL(sURL);.. arr = sDomain.split(".");.. if (arr.length > 2) {.. sSecondDomain = arr[1];.. }.. else {.. sSecondDomain = arr[0];.. }.. }.. return sSecondDomain;..}....function CompareSecondLevelDomains(sURL_1, sURL_2) {.. var result = false;.. try {.. var sSecondDomain1;.. var sSecondDomain2;.. sSecondDomain1 = getSecondLevelDomain(sURL_1);.. sSecondDomain2 = getSecondLevelDomain(sURL_2);.. if (sSecondDomain1 == sSecondDomain2) {.. result = true;.. }.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3140
                                                                                                                                                                                                              Entropy (8bit):4.472854553394219
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:HuKNuu1ywyvw8WU5Nuu1ywGz7vFlNuu1ywy:HuwaQw2wwy
                                                                                                                                                                                                              MD5:01AD57D140DA3C93803DD9D700373C52
                                                                                                                                                                                                              SHA1:3458CD2EDE13733C9B8447251DED6CDB5B6B182D
                                                                                                                                                                                                              SHA-256:A899595EF19B413A9099A9540852BE1013EBFA18379F31E65D9ACEEAEA52A163
                                                                                                                                                                                                              SHA-512:8E74CA4104F02318B659C67A34DD259681D8CC4F0971FA6F5B6165A1FEDEEEC79180A9C1BD33340607881818349697492EDA9B96580132A4A979F54AEF778FBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// small helper..function..simInsertAfter(newChild, refChild)..{ ...var oParent;...oParent = refChild.parentNode;.. oParent.insertBefore(newChild, refChild.nextSibling); ..}....function..simAddSeperator(id, insertAfterId)..{.. try.. {.. var oNewElem;.. var oElemExist;.. .. // create new element.. oNewElem = document.createElement('toolbarseparator');.. oNewElem.setAttribute('id', id);.. .. // add it.. oElemExist = simMyGetElementById(insertAfterId);.. simInsertAfter(oNewElem, oElemExist);.. return oNewElem;.. }.. catch(e).. {.. logSevere2(e);.. return null;.. }..}....function..simAddBanner(id, url, insertAfterId, name, width, height, bAddPadding)..{.. try.. {.. var oNewElem;.. var oElemExist;.. var oParent;.. var style;.. .. // create new element of banner.. oNewElem = document.createElement('iframe');.. oNewElem.setAtt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):7243
                                                                                                                                                                                                              Entropy (8bit):4.667029972880432
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:1Ume45J4xbfd3QMs3LfHSVoLlHVcn1EoV5HAVcj/qr8S8G0oRoccNd+:TeRpfXQLHcoBHK1D5Hac7qwvGLx0d+
                                                                                                                                                                                                              MD5:B0B4F17785E11927B144C61C3148E2AC
                                                                                                                                                                                                              SHA1:260A37C06BC8294D79C72A329C261E187E9555BA
                                                                                                                                                                                                              SHA-256:85E23241F5A8301CCF224AF5C30DD58CD6D9584E731259147E3561813F78AEF5
                                                                                                                                                                                                              SHA-512:D9F29D4AF899D6E2D7AC5F3E6F0D4BDAA09B9ED4E3B546EA257B5D65E3E319153EC67A657756899404C3BFEAEE4129F98E249B546BE4067E80F9B19A42A5FEAD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODO2 - check this: dont put log bcz it recurse..function simGetFileSize(filename)..{.. var result = 0;.. try.. {.. var file;.. .. file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. file.initWithPath(filename);.. .. if (file.exists()).. result = file.fileSize;.. else.. result = -1; .. }.. catch(e).. {.. simAssert(eSeverity.eSEVERE, e);.. }.. return result;..}....function simReadFileToString(filename) {.. .. var result = null;.. .. try {.. var file;.. var cstream;.. var fstream;.. var data = "";.... logEnter();.... file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. fstream = kCC["@mozilla.org/network/file-input-stream;1"].createInstance(kCI.nsIFileInputStream);.. cstream = kCC["@mozilla.org/intl/converter-input-stream;1"].createInstance(kCI.nsIConverterInputSt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3434
                                                                                                                                                                                                              Entropy (8bit):4.555949304243929
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:1foLrnEe2o1349x0nrnE9zMZJH7Cb+KQGj8HmGF/hfqj:16oeBMuo9zMLHU+KQG4HzYj
                                                                                                                                                                                                              MD5:613B6833DCC4E6ABD2412016F8533729
                                                                                                                                                                                                              SHA1:2A8DD9827A4EF50AEF9BAD4A08697B2E953CF785
                                                                                                                                                                                                              SHA-256:D31BE0E9CDB8B1460D6E4F621EDE0C81E657B95D41D59B45BEA6127E43F61E4A
                                                                                                                                                                                                              SHA-512:A2FBE1B2E9A3D97F5FBD71FBC931D9672A8703B939BE0EFD7F70F895CDD77EBB32C0963BAAFD7635A9CD88DE420A57AC408EE7072C773A819D80D9E61B768E39
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simRemoveFindWordButtons() {.. try {.. logEnter();.... var oFindWordButton;.. var oFindWordItem;.... oFindWordItem = simMyGetElementById('sim_find_words_item');.. while (oFindWordItem.firstChild) {.. oFindWordItem.removeChild(oFindWordItem.firstChild);.. }.. }.. catch (e) {.. logSevere2(e);.. }..}....function simAddOneFindWordButton(oFindWordItem, label) {.. var oNewButton;.. var tooltipText;.. oNewButton = document.createElement('toolbarbutton');.. oNewButton.setAttribute('label', label);.. oNewButton.setAttribute('id', 'sim_id_for_find_word_' + label);.. //newButton.setAttribute('crop', 'end');.. oNewButton.setAttribute('class', 'sim_find_word'); // alse sets max width.. oNewButton.setAttribute('oncommand', 'simFindNextWord(event);');.. tooltipText = simGetFormattedStringFromBundle('sweetim.property.button.findword.tooltip', [label]);.. oNewButton.setAttribute('tooltiptext
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1430
                                                                                                                                                                                                              Entropy (8bit):4.474103530814768
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:KX0t8sqp5raTuJ/fwo84vnUO0qRy67wf7o84vnM0qBQltydbjee5DRB6ykibjLeM:KE3U5J/fwopvnUO0Eyiwf7opvnM0SQPs
                                                                                                                                                                                                              MD5:EE7A229CBDB7F4F3023ACCC1A12CC8BB
                                                                                                                                                                                                              SHA1:AF5F336C583C51CD6FDB8D2FC960B525EEAA5B80
                                                                                                                                                                                                              SHA-256:8C4EA863D577011A2AACB884A18BE53C9599B3CA9B212AC893CA987DA5E2EC11
                                                                                                                                                                                                              SHA-512:C974CC5D0E5079BA1928CED96A64F3F1791079545FA983D4FA66918F5A5DFBF7D9B473AD45CD29AC3FAA9D9A86DC0F93CAD12AA42EED2ABFD5C206F759A1BDF2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_GeneralObserver = {.... // members.. _registered: false,.... // method: observe.. observe: function (subject, topic, data) {.. try {.. if (topic == "quit-application-requested") {.. simOnQuitApplicationRequested();.. }.. }.. catch (e) {.. logSevere2(e);.. }.. },.... // method: register.. register: function () {.. if (!this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.addObserver(this, "quit-application-requested", false);.... this._registered = true;.. }.. },.... // method: unregister.. unregister: function () {.. if (this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.removeObserver(this, "quit-application-requested");..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):814
                                                                                                                                                                                                              Entropy (8bit):4.8948254611600035
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:EfYCIaDJIDD7FsoKI78kLLrpbhoc5tA1iVCYKOHsgp7cbUNnIHYK30JWM/qGwY8s:ErIa/o18kzpb81zLa1nMEJWMiGWs
                                                                                                                                                                                                              MD5:F94995DEAE7ABCDFCE3A3C9BB5F5EC01
                                                                                                                                                                                                              SHA1:4D3C7CB0EA579AD062EDADD18D52EDBD54A331DD
                                                                                                                                                                                                              SHA-256:E3A1E261E542BB984064D9F1B02A72720A4F238BFB3EC8D76BD5407D5FEDB6D2
                                                                                                                                                                                                              SHA-512:B903EB8183214EE0F8F152478AB99B002746A29575AA3B2214153E2C050295C2D37CC28406432452D33F2D12751A5079DEE927CD49CF1EE0686145E434B7359A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// loaded in "global namespace", bcz function already "SIMTB_Navigate" in use by ppcbully banner,..// without use of namespace....// called from ppcbully banner, in order to open ad in _current_ or _new_ tab, instead of in new window..// (cannot be done directly using JS, without helper function)..function ..SIMTB_Navigate(url) {.. try {.. NAMESPACE_SIM_TB.logEnter();.... var target = NAMESPACE_SIM_TB.simGetConfigString("ppcbully.target");.. if (target != null && target == "new-tab") {.. NAMESPACE_SIM_TB.simNaviagteToUrlInNewTab(url, false).. }.. else { // no value, or "current-tab", as default -> open in current tab.. NAMESPACE_SIM_TB.simNavigateToURL(url);.. }.. }.. catch (e) {.. NAMESPACE_SIM_TB.logSevere2(e);.. }..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3538), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5929
                                                                                                                                                                                                              Entropy (8bit):5.118606362873504
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:PT7FggKebtnL/6q0P7ETojlQXdMdnL2D5JeMp6ncwGTSM3YtlPLg:PT7VKStnT6DxhSD5+gYtts
                                                                                                                                                                                                              MD5:95C9B565B9F126BA7B38D804AFF23F3B
                                                                                                                                                                                                              SHA1:7A591C7532742665FCD9BA582C7D619B0728C698
                                                                                                                                                                                                              SHA-256:0544D0A22B2AE4A1F47EE22CBA892C28D3C40AD20D46C87040A78232F5315E2B
                                                                                                                                                                                                              SHA-512:2D799781037E44944571243D6924F5CA457ECDF3B450FEE035A48DF9F5F1CBC59E49A29E26213329B53A67913C3A04D176F62337B749425BA3D3BB04DE30CD3F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// urls..const SIM_URL_SEARCH = "http://search.sweetim.com/search.asp"..const SIM_URL_WWW = "http://www.sweetim.com";..const SIM_URL_HOME = "http://home.sweetim.com";..const SIM_URL_FORUM = "http://www.sweetim.com/forum/";..const SIM_URL_HELP_FF = "http://www.sweetim.com/help_simff.asp";..const SIM_URL_HELP_ABOUT = "http://www.sweetim.com/about_overview.asp";..const SIM_URL_HELP_UNINSTALL_FF = "http://www.sweetim.com/uninstallhelpff.asp";..const SIM_URL_FEEDBACK = "http://www.sweetim.com/help_contact.asp";..const SIM_URL_PRIVACY = "http://www.sweetim.com/eula.html#privacy";..const SIM_URL_AFTER_INSTALL = "http://www.sweetim.com/installbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UNINSTALL = "http://www.sweetim.com/uninstallbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UPDATE = "http://www.sweetim.com/updatebar.asp";..const SIM_URL_SEARCH_FOR_DS = "http://search.sweetim.com/?src
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):994
                                                                                                                                                                                                              Entropy (8bit):5.055837583663413
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:1nNRePft2xlRewMoHPiRoBioxNjoKweJiJ2nNRRXAofYRRm5YrRR2Re7Uh2JE:1nNEnt2xHxM4iaBioxNj2J2nNbAogmYY
                                                                                                                                                                                                              MD5:B21915268656A59AB1FEFDB73060C116
                                                                                                                                                                                                              SHA1:11029F793F81E05A5666D90367E4DE17D489ED9F
                                                                                                                                                                                                              SHA-256:F18C604A4AC3C9E331EE4CCDD5B9064392C7AE1F53068FD20F990500BE961752
                                                                                                                                                                                                              SHA-512:FCB822F6BDFFB744A74B6CF7B92F89B4A86059959B79DCB98ED2D8DAA3AA51F17290F432A4619FD3B0286D3A038D0F1C7656310D9D579087AC9E40F2D9CBEA5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyGetElementByIdImpl(oParent, id){.....var oElem = null;...if (oParent != null && oParent.hasChildNodes()) {....var children = oParent.childNodes;....for (var i = 0; i < children.length; i++) {.....var oChild = children[i];.....if (oChild.id == id) {......oElem = oChild;......break;.....}.....else {......// try to recurse......oElem = simMyGetElementByIdImpl(oChild, id);......if (oElem !== null)......{.......break;......}.....}....}...}...else{....//alert("children.length = 0");...}...return oElem;..}....function simMyGetElementById(id){...if (false) { // orig, but in correct when we also have TB running along side FB,....// bcz they use same ids....var obj;....obj = document.getElementById(id);....//alert("obj = " + obj);....return obj;...}......var oParent;...var oElem = null;...oParent = document.getElementById(SIM_TOOLBAR_ID);...oElem = simMyGetElementByIdImpl(oParent, id);...if (oElem == null) {....// alert("oElem null for id = " + id);...}...return oElem;..}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11741
                                                                                                                                                                                                              Entropy (8bit):4.718561487895601
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:M4waE6qTeRNKsTVyJnd9M6sTaQqIqIPejICyIK4+WPgGMo3acYkXwx:NRqpTeejmazycM
                                                                                                                                                                                                              MD5:19C91355F834A826C848D1FAE11C5FAF
                                                                                                                                                                                                              SHA1:8EE43CDE546F9CB1BF8A4C3B4FBB0BD1A669112C
                                                                                                                                                                                                              SHA-256:8FB0A6DA582D7BE18DF253731ED0EF4136C9609064ACF8FF83B7CBD4F26F9A6C
                                                                                                                                                                                                              SHA-512:908A9B95FA8E26485027B85B94B46C84DB1FD487CC315547FB6B8E6D0720FA3EF917C091C7F33CFF5C091C35DF0B022875EFD10D52829FD96566392C4FEA2B9D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrColors = null;....// private..function simGetHighlightButton()..{ .. var oButtonHighlight;.. oButtonHighlight = simMyGetElementById('sim_highlight_btn_id');.. return oButtonHighlight;..}....// private..function simGetHighlightButtonChecked()..{ .. var oButtonHighlight;.. var bChecked;.. .. oButtonHighlight = simGetHighlightButton();.. if (oButtonHighlight.hasAttribute('checked')).. {.. bChecked = oButtonHighlight.getAttribute('checked') == 'true';.. }.. else.. {.. bChecked = false;.. } .. return bChecked;..}....// private..function simSetHighlightButtonDisabled(bDisabled)..{.. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.disabled = bDisabled;..}....// private..function simSetHighlightButtonChecked(bChecked)..{ .. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.setAttribute('checked', bChecked);..}.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2980
                                                                                                                                                                                                              Entropy (8bit):4.13201368175262
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:1suFOFuLDFEFEnXU8cCVVIdk2W7zdXO4DOWlCuTMCSz:TFOcPFEFoflSI3JHD2qgz
                                                                                                                                                                                                              MD5:2A1BE640289F613777A831410130DB4D
                                                                                                                                                                                                              SHA1:BDAF40DC75C69F30799DF9A4B2428930F30F3624
                                                                                                                                                                                                              SHA-256:4B747F43C14B6C95EB37EB2340072B40125C57999DA530FFADBCB999D81ED393
                                                                                                                                                                                                              SHA-512:DDFC32305F9C0FAE715BBE4C918007E6ACD3AFC94FF0054FE47021E8EBD9B4048DC9F1F296DE2EAC76779BFC6D3ACF5E406AD47D5650FF07DCEAB4A32B1C340C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchHistory()..{.. var result = null;.. try.. {.. var arrEncoded;.. var sHistoryItems = "";.. if (simGetIsConfigExists("search.history")).. sHistoryItems = simGetConfigString("search.history");.. if (sHistoryItems && sHistoryItems.length > 0).. {.. result = new Array();.. arrEncoded = sHistoryItems.split(",");.. for(var key in arrEncoded).. {.. var encoded;.. var decoded;.. .. encoded = arrEncoded[key];.. decoded = decodeURIComponent(encoded);.. logDebug("key="+key+",encoded="+encoded+",decoded="+decoded);.. result.push(decoded);.. }.. }.. }.. catch(e).. {.. dump("simGetSearchHistory= "+e);.. //logSevere2(e);.. }.. return result; // array of decoded..}....// param text shouldNT be encoded..function simAddToSearchHistory(
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6637
                                                                                                                                                                                                              Entropy (8bit):4.38577654837664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:YXyv7ijuSlT3gChurexw6Z7VNsOAojOWkhkCnHSBFRs+Mz2CNN:nvjquWwy7NOWqkCyBFRs+MqG
                                                                                                                                                                                                              MD5:560EFC94BF82CD40EDFA51D0EC7A8ED5
                                                                                                                                                                                                              SHA1:991B9B36CBF729632310D8B862EC92928F20D43D
                                                                                                                                                                                                              SHA-256:0A8AAB29CAFA7055F99DBAE359400B8EF187EC181F8976F7B7748CDEA4AAD88E
                                                                                                                                                                                                              SHA-512:2517F88D6F4FE557F2D894D64F9697F4FFC162F64C4E4D943B09024EDDD7CBB2E37D240CB684FE656348E082DAD011E3DEA0955BA1AB3BBB8063A4B741B9ACD4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODOZ: future use..function SIMScriptInfo() {.. this._sRegexp = "";.. this._sURL = "";..}....var g_sim_strScriptURL = "http://sc.sweetim.com/apps/in/fb/infb.js";....function simAddScriptToDocument(oDocument) {.... try {.. var SCRIPT_ELM_ID = "id_script_sim_fb";.... var objScript = oDocument.getElementById(SCRIPT_ELM_ID);.. if (!objScript) {.. var head = oDocument.getElementsByTagName('head')[0] || document.documentElement;.. var scriptElement = oDocument.createElement('script');.. var url = simGetConfigString("urls.ScriptUrlFB"); // same name as used in IE.. if (url == null || url == undefined || url == "") {.. url = g_sim_strScriptURL;.. }.. scriptElement.src = url;.. scriptElement.type = "text/javascript";.. scriptElement.language = "JavaScript";.. scriptElement.id = SCRIPT_ELM_ID;.. head.insertBefore(scriptEl
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22273
                                                                                                                                                                                                              Entropy (8bit):4.567586678614434
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:N44hc4vQNQMq2ygMZr87jmnH5dgRTHR4/bKfn+E:N4A1ZeSm
                                                                                                                                                                                                              MD5:4F697EF09E80937BD0321C81800CA48F
                                                                                                                                                                                                              SHA1:B58FA1875961D22E5E3534225F7B7D17E5530308
                                                                                                                                                                                                              SHA-256:43729CF4EC878E3B12B60A1CD19A78516BC79CFBAAA0E289DDA2432EF25E248D
                                                                                                                                                                                                              SHA-512:8FD1CFD5E02F753519A142F0DDEF5CB32ED6C59C12D1BDDC6CCDC7E1CD9CCFCC478EF5E9673543F113FD419B90C0B7B1C860499461D848A53E853F7D3C2BDE24
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simOnInstall()..{.. try.. {.. logEnter();.. simAddDefaultConfig();.. simUpdateVersionFromRDFInPrefs();.. }.. catch(e).. {.. logSevere2(e); .. }..}....function simGetPrefsArray()..{.. var arrPrefs = new Array();.. .. // keyword url.. arrPrefs.push( {prefName:"keyword.URL", prefSweetIMValue:"http://search.sweetim.com"} );.. .. // default search.. arrPrefs.push( {prefName:"browser.search.defaultenginename", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. arrPrefs.push( {prefName:"browser.search.selectedEngine", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. .. // homepage.. // get the value which was added by setup, as homepage.. // was stored also here for comparsion. see c++: SetFFDefaultHomePageUsingPrefsFile.. var sSweetIMHomePage = simGetConfigString("urls.homepage");.. arrPrefs.push( {prefName:"browser.startup.homepage", prefSweetIMValue:sSweetIMHomePage} );.... return ar
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10479
                                                                                                                                                                                                              Entropy (8bit):4.595467703826516
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:danfRLbJ1A0MASuHvLLKO9LJOq2/pOq6pdyJFIZMGt4Z:dsbQaLLKO9LYZ/UJPaZ
                                                                                                                                                                                                              MD5:5329A994D60FB712F6D18F9D69C0B29B
                                                                                                                                                                                                              SHA1:F0E9AE0F6EE68BEE731176871741836A4F400715
                                                                                                                                                                                                              SHA-256:CA3540B7DD00EE74126562A027B6C11A3DF3E6155313D9D39DF3F48409635BBD
                                                                                                                                                                                                              SHA-512:034147BE48FEC3A3B40F74C8835FB158A8A01BEC52394DA431F5B8C614FA38C7B9DB9AFF3D34A455060E35FD0BC1860B3E6196760A9380C437A53D85222710F2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// for eSeverity original definition, see Level.h..var.eSeverity =..{.. eALL:0,.. eDEBUG:1,.. eCONFIG:2,.. eINFO:3,.. eWARNING:4,.. eSEVERE:5,.. eCRITICAL:6,.. eOFF:7..};....var g_loggerInit = false;....var g_FileHandler_FileName = null;..var g_FileHandler_MinReportLevel = null;..var g_FileHandler_MaxFileSize = null;..var g_ConsoleHandler_MinReportLevel = null;....var sim_g_loggerDisabled = false;.. ..function initializeLogger()..{.. // TODO - the strings of prefs names, appear also in config.js => put them in one place only.. .. if (simHasConfigPrefs()).. { .. g_FileHandler_FileName = simGetConfigString("logger.FileHandler.FileName");.. g_FileHandler_MinReportLevel = simGetConfigString("logger.FileHandler.MinReportLevel");.. g_FileHandler_MaxFileSize = simGetConfigString("logger.FileHandler.MaxFileSize");.. g_ConsoleHandler_MinReportLevel = simGetConfigString("logger.ConsoleHandler.MinReportLevel"
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2761
                                                                                                                                                                                                              Entropy (8bit):4.585147185811158
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:G3JhY6Boz41aDkkaYMjNgr3AetwWOzBT4JF5Ay6:G3JOXDlazjN+w2OBMWf
                                                                                                                                                                                                              MD5:2E2A156B39E9712A9009685B01C32097
                                                                                                                                                                                                              SHA1:E1A475D4A5630873BBB4385130F7AB784BDEB90C
                                                                                                                                                                                                              SHA-256:5A7F42C79EF674479812DB4A4AF9A0F8C419AF9042D51542174E64BA9CE9276E
                                                                                                                                                                                                              SHA-512:C8AE2C1FFD66C613D5F20B957120BCE25C436A0C5EC9D42C0202781DC78EC3C4B67AABD2EA5D3546F6E1E4C7AF69FD328D0FDAD1BCA8957872093083012C6188
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var NAMESPACE_SIM_TB = {};....NAMESPACE_SIM_TB.loadScripts = function () {.. // load external JS files, into gloabl object "NAMESPACE_SIM_TB", which is used as namespace.. try {.. var path = "chrome://sweetim-toolbar/content/";.. var loader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"].........getService(Components.interfaces.mozIJSSubScriptLoader);.. var files = new Array(.. "sweetim-toolbar.js",.. "registry.js",.. "config.js",.. "search.js",.. "searchguard.js",.. "searchservice.js",.. "logger.js",.. "commands.js",.. "highlight.js",.. "tabinfo.js",.. "tabinfo-array.js",.. "webprogresslistener.js",.. "contentmenu.js",.. "splitter.js",.. "chevron.js",.. "uninstallobserver.js",.. "version.js",.. "install.js",.. "globals.js",.. "history.js",.. "file.js",.. "stringbundles.js",.. "tooltip
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):790
                                                                                                                                                                                                              Entropy (8bit):4.552759257474942
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:xb7gDv5WyDfcoXNWiB14/7+KI5hoG2tyUovprDzpTz8yhphzFnATpJx37GpJcL:1kv5BDUoX/4TNlkpp3NTwOhFmXYcL
                                                                                                                                                                                                              MD5:EBBDC1D24F91354112CE613C5FF079D4
                                                                                                                                                                                                              SHA1:9E6902E98BB070AC14A53476B830F546BCD41E4F
                                                                                                                                                                                                              SHA-256:822A4FADA8538D2365EB806AF58516D76C5E00E49FFB4B81261BFA14F13DCB3B
                                                                                                                                                                                                              SHA-512:DA18275FF3A33E93ED7D827BCB9697492A6AEEB83C5265F3A470CED73DE3DC361F39A16EB90D1C39FBBAC1BF59F002DD9EFF24F68C397DD1726D7F65DEF32F96
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMessageBox_OkCancel(sCaption, sText) {.... var result = null;.. try {.. // show message, ask user if to keep settings.. var promptService = kCC["@mozilla.org/embedcomp/prompt-service;1"].getService(kCI.nsIPromptService);.. var flags = promptService.STD_OK_CANCEL_BUTTONS;.. var check = { value: false };.. var button = promptService.confirmEx(window, sCaption, sText, flags, null, null, null, null, check);.... // set the value that user selected in result.. if (button == 1) // user selected "pos_1" button => no.. {.. result = false;.. }.. else {.. result = true;.. }.. }.. catch (e) {.. logSevere2(e);.. return null;.. }.... return result;..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                              Entropy (8bit):3.7605520099280896
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:JyBoNLxRRtU3dLqRRdv7f+fOpLfy8fHUwBc1P+urxpZhzZDb:kB4x+opDGmB5WmuLPh
                                                                                                                                                                                                              MD5:D0D9DDC7A4FCEC37560A070DFA13BF5E
                                                                                                                                                                                                              SHA1:ABBDD24BB2BF5C915F3037F8CDB5675D6A9F331A
                                                                                                                                                                                                              SHA-256:B28E9EDE8088E44E68C13BF1AA7B540924A6D18C0F25B015D4CABC02E3F6AD3B
                                                                                                                                                                                                              SHA-512:598A7B9F07F25E0A606431F3A93D618885CD803233B29465869E754285666CA2212B53BE3BB997A48F272617618B4EB5FE799E004ECB948E941AA767D84A189B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// notifies ppcbully banner on every document complete...// called from rc.html..function..simNotifyPPCBullyBannerOfDocumentComplete(bannerId, url)..{.. try {.... logDebug("params: bannerId = " + bannerId + ", url = " + url);.. .. var oToolbar;.. var oBanner;.. oToolbar = document.getElementById(SIM_TOOLBAR_ID);.. if (oToolbar.collapsed == false) // check if toolbar is hidden.. {.. oBanner = simMyGetElementById(bannerId);.. if (oBanner).. {.. if (oBanner.contentWindow != null && oBanner.contentWindow).. {.. if (oBanner.contentWindow.pbNavigateComplete != undefined) {.. try {.. oBanner.contentWindow.pbNavigateComplete(url);.. }.. catch (e2) {.. logSevere2(e2);.. }.. }.. el
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5801
                                                                                                                                                                                                              Entropy (8bit):4.664439405681212
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:XnVid/DwfTNCDKUTisuLpBXPJjH9BL3rqzx5GH1zTNb1Lx1+:XVid/DwfT2KUTi7/XPJTbL3rqzx5GzTG
                                                                                                                                                                                                              MD5:8008F72ECA33168113BF191E38503787
                                                                                                                                                                                                              SHA1:E955FA0F508421836DF1DE60B9405CC310B1399C
                                                                                                                                                                                                              SHA-256:7744FCB23B17BAD1F7D66574158B06AF918590F13E0EBCE1550E86E2CD41388C
                                                                                                                                                                                                              SHA-512:C66418A1B16C88D205CDE3D154F907AF743DBBD4DD81CBA4870E2BE32C70784E9EE55B32670AAB984935F071BAB3D9F0C76C7551FCF9FF9FAD0CE6BCB591D4C8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// rootKey > HKCU, HKCR or HKLM..// subKey - string..// sAccess > "ACCESS_READ", "ACCESS_WRITE" or "ACCESS_ALL"..function simOpenRegsitryKey(rootKey, subKey, sAccess)..{.. var result = null;.. var rootKey2 = null;.. var access;.. .. try.. {.. result = kCC["@mozilla.org/windows-registry-key;1"].createInstance(kCI.nsIWindowsRegKey);.. .. switch (rootKey).. {.. case "HKCU":.. rootKey2 = result.ROOT_KEY_CURRENT_USER;.. break;.. case "HKCR":.. rootKey2 = result.ROOT_KEY_CLASSES_ROOT;.. break;.. case "HKLM":.. rootKey2 = result.ROOT_KEY_LOCAL_MACHINE;.. break;.. } .. switch (sAccess).. {.. case "ACCESS_READ":.. access = result.ACCESS_READ;.. break;.. case "ACCESS_WRITE":.. access = result.ACCESS_WRITE;.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):146
                                                                                                                                                                                                              Entropy (8bit):4.767727345085542
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:8WlPUNFDMJ9+fkVLLxIWJVJM9BeqFHQLvC8uVL3DfFn:8WlcSJ97LRbJM9xFwL6tF3Dtn
                                                                                                                                                                                                              MD5:747594BE6C4F3CAD60FD041F4D6B2F7F
                                                                                                                                                                                                              SHA1:7281CE747E33CF70A00FA454BBD8C0757A8534B1
                                                                                                                                                                                                              SHA-256:0C82D59157B3985CBF6F254CA12A63AE86AE08EFF432EE423D0F630D7B58D123
                                                                                                                                                                                                              SHA-512:D3822A112247C1C6B5E405B6405693D52225326C1B1DCCEF44127A828C16517ADFEBD6F1E09D4EE5A983C1452361A708E9B08ADCBF004FB90A3588623B53E111
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// see relavent .h file..// "__ENABLE_LOGGING__" is not used anymore, to simplify and make only one build..// const __ENABLE_LOGGING__ = false;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2866
                                                                                                                                                                                                              Entropy (8bit):3.9577654921496856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:fUjX/azHQrw/Mt8vjVopMQDAGpORxQTho:kvaNjVo2CYH
                                                                                                                                                                                                              MD5:4D7F123CAD5ADDBBCD24532A7DA71839
                                                                                                                                                                                                              SHA1:A3E202D2E2E5E521DEE6C234AABFB3130108823F
                                                                                                                                                                                                              SHA-256:043DD5866F912585FAD932DF1735E702E904465BD8ABF04C7B62F257A5888B59
                                                                                                                                                                                                              SHA-512:FD4157D0889934B385FE3723C6230B259DDCAD93ED171C2486E5B462DE9BB806D60928AB16E4A11716CB60A8B1D0310F725034BA80B44EE9712AA6BAEFE94C78
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_scriptOnDocumemntComplete = null;....function simInitializeRemoteControl()..{ .. try.. { .. // MOVE to download complte of "control banner" ???/.. // step 1.. // get object of remote control web page.. var oElem = document.getElementById(SIM_REMOTE_CONTROL_ID);.. if (oElem) {.... if (oElem.contentWindow && oElem.contentWindow.SIMRC_getCodeForOnLoad) {.. // step 2.. // get script from remote control web page .. var script;.. script = oElem.contentWindow.SIMRC_getCodeForOnLoad();.. //alert("script = " + script);.... try {.. // step 3.. // execute script.. eval(script);.. }.. catch (e) {.. //alert("e = " + e.message);.. logSevere2(e);.. }.. }.. else {.. log
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13939
                                                                                                                                                                                                              Entropy (8bit):4.490104471837317
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:hz4NrMFE5ypxxPgANkYser6lUljfT5wfimNN5h5Up:Pl5v6KtfT5wamNw
                                                                                                                                                                                                              MD5:A381E5306EA29348EB9965719A4F37E5
                                                                                                                                                                                                              SHA1:2602001F45E3EC3B07CD5E595843A20ACD3F9DCE
                                                                                                                                                                                                              SHA-256:7A5F71914DA2546E0C9D00B64A3CD3945312AA143768A8D7D2B8C472A38ED346
                                                                                                                                                                                                              SHA-512:0431AD475B09A019C3A1DFD730D97C0A07534A5BB8D9B9040092DC3350CBBD1BE47D302A5DAE94C6825B2F20C3C006EE4FD2D945D38D69F26A41EA667455756D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....var sim_g_historyCapacity = null;..var sim_g_arrExteranlSearch = null;....// trims start and end..function simTrimString(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return "";.... string = string.replace(/^\s+/, ''); // Remove leading whitespace.. string = string.replace(/\s+$/, ''); // Remove trailing whitespace.... return string; // Return the altered value..}....////////////////////////////////////////////////////////////////////////////////..// 1) Calls "simTrimString" to trim start and end..// 2) Removd "runs" - and convert all runs of more than one whitespace..// character into a single space. ..// The altered string gets returned...////////////////////////////////////////////////////////////////////////////////..function simTrimStringAndRemoveRuns(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15169
                                                                                                                                                                                                              Entropy (8bit):4.471034320295774
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:1jHSjKtnD3TbQDzFPswdXNpF+KdoWkln6yBQdLJqKW87ZE0dhrBBhB4XqIh:ZyjKZD3vQDzFpXv3oWun6yBQdLJqKW8g
                                                                                                                                                                                                              MD5:AD60C046850E849FDE33AC00B901E559
                                                                                                                                                                                                              SHA1:663FD643D2640A319F759985BFAD727CDB26CABD
                                                                                                                                                                                                              SHA-256:39F6887369282791F458CA901DAA9690639931208CA08C7555601AA76CFC46E1
                                                                                                                                                                                                              SHA-512:42631BA9213413F857F3DAC4AABCA400D26A9303AA427D9E408FE8FF5923132E1F6D21E08DAE58B0879E07D0B49EE531D87239AF4C62EFF0FC82A513C17D1441
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_SEARCH_GUARD_PARAM = "st";....function simUnhideSearchEngine() {.. logEnter();.... try{.. var engine = simGetSearchEngine();.. if (engine!= null && engine.hidden == true) {.. engine.hidden = false;.. }.. }catch(e) {.. logSevere2(e);.. }..}....// checks if param exists in url of search provider (plugin)..// it is found under os:Param tag, in XML of search plugin...// didn't fidn a way to check this using API/XPCOM etc...function simCheckIfParamExistsInSearchProviderURL(paramName) {.. logEnter();.. .. var exists = false;.. try {.. var engine;.. var SP;.. var xml;.. .. engine = simGetSearchEngine();.. if (engine != null) {.. SP = simGetSearchPluginFile();.. if (SP.exists()) {.. xml = simReadFileToString(SP.path);.. if (xml != null && xml != "") {.. // we also check for prefix of &, bcz this is how we ad
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1970
                                                                                                                                                                                                              Entropy (8bit):4.240138604578698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:1ME/NbNZ4DmHfknInl/2gbNmK8hxo3i14DpWitBxgWoQfhRos2iQRpbX3HY:1MEwKsInf4ThK3iykit3Zhqs2iQfnHY
                                                                                                                                                                                                              MD5:D84A32AC7348C138C959B8DED416E3BE
                                                                                                                                                                                                              SHA1:7D3636316AE54ECD3950D7C041E54D9028C5C56F
                                                                                                                                                                                                              SHA-256:7057A6C5AA02C8C89957FC9688585B9D5484C0E739722BD714FA619FFB312BB8
                                                                                                                                                                                                              SHA-512:723B1C032C5151E9A285683830C07F687A9408252F71E2277D2C312EC640352D798C494D9A952CC26CA1488504E52359285767F322289A1A7D9F0DD9461C0C01
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchEngine() {.. var searchService = null;.. var engine = null;.... logEnter();.... try {.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != null) {.. engine = searchService.getEngineByName(SIM_SEARCH_ENGINE_NAME);.. }.. } catch (e) {.. logSevere2(e);.. }.. .. return engine;..}....function simAddSearchEngine() {.. .. var searchService = null;.. var engine = null;.. var bResult = false;.... logEnter();.... try {.. // step 1.. // check if engine already exists.. engine = simGetSearchEngine();.. if (engine != null) {.. logInfo("engine already exists");.. engine = null;.. }.. else {.. // step 2.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != nu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3044
                                                                                                                                                                                                              Entropy (8bit):4.67890442222015
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:QTHlWfqcTUJrzQ2fgFDQtgM8irSjXgmcCHwZoOkKT0wTx:ucSdhzD0oYgmEX/x
                                                                                                                                                                                                              MD5:6AFA89C5ED43D559D7503C6C1C826FBC
                                                                                                                                                                                                              SHA1:83BBA8FDD394CFC46ABD3E093F177DFDD85FBBA5
                                                                                                                                                                                                              SHA-256:F0DA29B0A1584D22E79D24E278C1DF28BDADE53867D769AD0A7E27188EDAD3BA
                                                                                                                                                                                                              SHA-512:3E2806E1E9C11DEDD6F745C89F7A2F8058D09F3ED44DD638C9417F45C4DB4B7D89FD604BCA40E4D2D80D2A9279B13FCD70CB0EE659A313DA3F825435C7441AFA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// From: http://developer.mozilla.org/en/docs/XUL_Tutorial:More_Event_Handlers..// "The button and detail properties only apply to the mouse button related events,..// not mouse movement events...// For the mousemove event, for example, both properties will be set to 0."....var sim_g_dragging = false;..var sim_g_lastX = 0;..var sim_g_splitter_at_max = false;....function simInitializeSplitter()..{.. try.. {.. var oSplitter = simMyGetElementById("sim_toolbar_splitter");.. oSplitter.addEventListener('mousedown', simOnSplitterMouseDown, false);.. window.addEventListener('mousemove', simOnGlobalMouseMove, false);.. window.addEventListener('mouseup', simOnGlobalMouseUp, false);.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simOnGlobalMouseMove(event)..{.. if (sim_g_dragging).. {.. simUpdateSplitter(event);.. sim_g_lastX = event.screenX;.. }..}....function simOnSplitterMouseDown(event)..{.. //logEnter();..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1969
                                                                                                                                                                                                              Entropy (8bit):4.738627059733319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:8G7y6KggRBGVcIgy6wLvOjR7oaupozmc4soM4zfEce:dG6KRqVT6wzwtmkj/
                                                                                                                                                                                                              MD5:E030A1FFDA7407FB1C06FDB448BD7571
                                                                                                                                                                                                              SHA1:2DF2D30A384A1C19C56391C8C16A31828621B5EC
                                                                                                                                                                                                              SHA-256:AE8F9E51B3FF22C151D3E6FCE7B5DC603D29716D773AEFFF8B20FC75C7E3EA76
                                                                                                                                                                                                              SHA-512:F0F02A7492C4D23E9C7B5BC2A69BFC757A4D3C7F051C0774F15431895C4D892017D4AE882D7FBA301240723723058C37B8149A74C650CAA769F6614D658E2810
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_StringBundle = null;..var sim_g_nsIStringBundle = null;....// should be called from XUL, or JS, where "document" object is defined..function simGetStringFromBundle(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_StringBundle).. {.. sim_g_StringBundle = document.getElementById('sim_stringbundle');.. }.. result = sim_g_StringBundle.getString(name);.. }.. catch(e) {.. logWarning("exception for name: " + name);.. logSevere2(e);.. }.. return result;..}....// should be called from components, such as SIMAutoCompleteSearch.js,..// where "document" object is NOT defined..function simGetStringFromBundle2(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_nsIStringBundle).. {.. // load bundle directly.. // see "Creating the bundle via XPConnect".. // (http://books.mozdev.org/html/mozilla-chp-11-sect-3.html).. var src = 'chrome://s
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):653
                                                                                                                                                                                                              Entropy (8bit):5.057236170457901
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMG8NWF77hHEdBMBMh5I9XoCtLDAHjxAHXq6tW0N1ZHXO+gcWqSVJIsXGvc8:38kX9E6BWI9X7LqINrOaW7gsc
                                                                                                                                                                                                              MD5:BB5DF7BCC2B69614EAA5111958390C72
                                                                                                                                                                                                              SHA1:14D1A1BF2E69F338B09382EB2E1B564D0CADC02B
                                                                                                                                                                                                              SHA-256:83492D77CA972E1D2D07A7842C836A78F64F49A753E8344354F16C61AAACF820
                                                                                                                                                                                                              SHA-512:711CADB3715B729E6A91560A098504D71CF64A19528173DF0017CA839738B4F654FFF97EDAC0534E3FF68E0BC2E2201DF4806AAF96DEBB698645D16268E5868A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>..<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>......<window id="id_window_sim_content_menu"... title=""... orient="horizontal"... hidechrome="true"... xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"... onload="simContentMenuWindowOnLoad(event);"... onunload="simContentMenuWindowOnUnload(event);">.... <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/contentmenu-handler.js" />......<browser id="id_browser_sim_content_menu".. ..src="http://content.sweetim.com/sim/mfftb20.html".. ..width="420px".. ..height="440px">...</browser>..</window>
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12636
                                                                                                                                                                                                              Entropy (8bit):4.680240080485856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:XVCcV9nwupCxD5AcVl1MMoRgYjVY3kPZR8qsXdW4B8aHdivE/FF:kM9w/l57KR6atSLlFF
                                                                                                                                                                                                              MD5:63448F76A72B0C3858601365E5083946
                                                                                                                                                                                                              SHA1:EFDD6D0BAF4F2E1ACE8D1E7AD5918BCD9AF4D998
                                                                                                                                                                                                              SHA-256:088BB06B17A050D1CA7D6EF082130E4B1752CB36D49E2184F4B207CA43813B02
                                                                                                                                                                                                              SHA-512:65C10E8507688ABBCF27403ED338D488314961DCEC5E145E96FD4B1E5392D6D748404353810BA6E58F5AC34FAE3C3AC86B8490BC8418A5B8FBAC0D1578D04590
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var g_sim_onload_completed = false;....function simOnFirstRun()..{.. try.. {.. logEnter();.. .. simOnInstall();.. }.. catch(e).. {.. logSevere("catch: " + e.message);.. }..}....function simIsFirstRun()..{.. var result = true;.. var has;.. .. try.. {.. logEnter();.. .. has = simHasConfigPrefs();.. result = !has;.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return result;..}....function simOnToolbarDOMAttrModified(event)..{.. try.. { .. //logEnter();.. .. if (event.attrName == 'collapsed').. {.. var bCollapsed = event.newValue == 'true';.. simOnToolbarCollapsed(bCollapsed);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}......// we get here, when user has hidden the toobar using..// "View"/"Toolbars" and the uncheck out toolbar..function simOnToolbarCollapsed(bCollapsed)..{.. try.. { .
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17033
                                                                                                                                                                                                              Entropy (8bit):4.649335724543702
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:NYebeeVIOFtAkvocIhzBeLdGrRY6hl6gfHZbOB71oOGJ:NYYSi4lZ+717GJ
                                                                                                                                                                                                              MD5:C5E042E981DB5DC014E02AAD88A1DE44
                                                                                                                                                                                                              SHA1:2DC36BD5A53B298A5C18672F1EECC9EB72DCCC69
                                                                                                                                                                                                              SHA-256:DBAB041CFA5D8696FC6830F7814848DABE75AC2BEE7F537A54F75D16CFB28A1E
                                                                                                                                                                                                              SHA-512:C87C57DC1E2A58EC2A0121F6DFE647C1B0734BAD53DDD08BDD2483E50888DDE5DE17A8518EB11C16E4A186A83099EA12478319502CBACD4754B5CAA85807C748
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>..<?xml-stylesheet href="chrome://sweetim-toolbar/skin/sweetim-toolbar.css" type="text/css"?>....<!DOCTYPE overlay SYSTEM "chrome://sweetim-toolbar/locale/sweetim-toolbar.dtd">....<overlay id="sweetim_overlay".. xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">.. .. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/main.js" />.. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/global-namespace.js" />.... <stringbundleset id="stringbundleset">.. <stringbundle.id="sim_stringbundle" .. src="chrome://sweetim-toolbar/locale/sweetim-toolbar.properties"/>.. </stringbundleset>.. .. not used since fix of RNDTBFF-56.. <popupset id="mainPopupSet">.. <popup.id="sweetim_popup_history".. type="autocomplete"/>.. </popupset>.. --> ....
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2353
                                                                                                                                                                                                              Entropy (8bit):4.4133762029710155
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:/lQx+UoGfwVGhCyVj8Y1PXDKQDu1BjCxCto6qPlRPd9tfDQnZic4EwKCu9w+zauA:/UBoGfwoht8YF21IfLFDQ4c4kSJzQQ
                                                                                                                                                                                                              MD5:EDE3C37AA333FA205B96194440176B3A
                                                                                                                                                                                                              SHA1:550F751348470DCB586DA42834C26457A4B711B1
                                                                                                                                                                                                              SHA-256:8C2D75157683F82FD0F36058F73B68F924CA0BCA79F5F04D6EE51D31D020970F
                                                                                                                                                                                                              SHA-512:C8FF1992EE4C6C4C10422E67BE140BF7129D9D15F1E250689AEC8742E32BB65821B4BB6CEDC1BDB5447E2B2EB0D3D201546F73CE3FE7C0051D63CE22EC2667D4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrTabInfo = null;....function simGetTabInfo(tabId) {.. var oTabInfo = null;.... if (tabId != undefined && tabId != null && tabId != "") {.. oTabInfo = sim_g_arrTabInfo[tabId];.. if (oTabInfo == undefined) {.. logWarning("oTabInfo is undefined");.. }.. }.. else {.. logWarning("tabId not valid");.. }.. return oTabInfo;..}....// adds SIMTabInfo to array, for relevant tabId;..// returns the web progress listener object, which is associated with this tab..function simAddTabInfoToArray(tabId) {.. var result = null;.. try {.. if (tabId != null && tabId != "") {.. // step 1.. // create array, if not created already.. if (sim_g_arrTabInfo == null) {.. sim_g_arrTabInfo = new Array;.. }.... // step 2.. // create progress listener.. var oWPListener = new SIMWebProgressListener(tabId);.... // step 3.. //
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11111
                                                                                                                                                                                                              Entropy (8bit):4.412389992855388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:O0+++rWl/S5vHvXm0kqs1zeGY097hKBIBfI/RvWvXHcnmsccCiivJftPk9XCxjM:Ov++O/S5fv1zezi0pMOfn4iBkN
                                                                                                                                                                                                              MD5:603652891F4165AD4CE73E9B4AE82901
                                                                                                                                                                                                              SHA1:AB08428843B571051EB4F15EE2AD03408A04FAE9
                                                                                                                                                                                                              SHA-256:8D5BC4EC85859DD72D92552E8B5EEC890D41DDEB6F42DE4289564F6CB6E0C7FA
                                                                                                                                                                                                              SHA-512:6CA0C10601E1F83392CFEAF84E5BC3BDE60B9BD1B6D247C207CCEC6CF3E9215EE996C2C953A13B2C1ECE95781909B3D2A433CEED6EA6960022E89C765A2D8E75
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function SIMTabInfo()..{.. this._webProgressListener = null;.. this._sSearchString = ""; .. this._bHighlight = false;..}....function simGetSelectedTabBrowser() {.... var index = null;.. var oBrowser = null;.... index = gBrowser.mTabContainer.selectedIndex;.. if (index != null) {.. oBrowser = gBrowser.getBrowserAtIndex(index);.. if (oBrowser == null) {.. logWarning("oBrowser == null");.. }.. }.. .. return oBrowser;..}....function simGetSelectedTabURI()..{.. var oBrowser;.. var oUri;.. .. oBrowser = simGetSelectedTabBrowser();.. oUri = oBrowser.currentURI;.. .. return oUri;..}....function simGetSelectedTabHost()..{.. var oUri = null;.. var oResult = null;.... oUri = simGetSelectedTabURI();.. if (oUri != null) {.. try {.. oResult = oUri.host;.. } catch (e) {.. // we get here when tab is opened with "Addons Manager", in FF4.. // or when tab is e
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3243
                                                                                                                                                                                                              Entropy (8bit):4.391385132766343
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:ijC31Dmdj5UY2c6Q6gm6aL6eN76bL6z/S:ijQ1Dmdj5J2PzgFa+eNub+z/S
                                                                                                                                                                                                              MD5:3CB6E2DE74E1DBA38BF405DD21786908
                                                                                                                                                                                                              SHA1:0E0B2EA4AF92DFF76FCBBA0F83D1659C6BB6A229
                                                                                                                                                                                                              SHA-256:155DF0BA4DFB6E9792D291B1C58B738EC0F908665E594205BA1445CC6EAF55B8
                                                                                                                                                                                                              SHA-512:E7A84B89EA6B18DE5298FE5632C71601423D989D17009D6D85E4B550848541838C9F2F8027938E379644E5D72802880B8576CF10B76338DC62B7AE413F70ADA5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// Explenation: why we use "simOnTooltipNeedText" for dropmarkers:..// This method is used to set a tooltip to a dropmarker,..// Since setting "tooltiptext" doesn't work...// This code was used (and didn't work):..// oDropmarker = document.getAnonymousElementByAttribute(oButton, 'class', 'toolbarbutton-menubutton-dropmarker');..// oDropmarker.setAttribute('tooltiptext', strTooltip);..// As said, it doesnt't work (apparently requires adding xbl binding), so the trick with..// "simOnTooltipNeedText" is used instead....function simIsFromDropmarker(node)..{.. var result = false;.. try.. {.. // this "trick" is not documented... // it is by trial-and-error, and comparing all.. // atrributes of the button, when the mouse is over.. // the button itself VS mouse is over the dropmarker.. if (node.hasAttribute("buttonover")).. result = false;.. else.. result = true; .. }.. catch(e).. {.. logS
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6308
                                                                                                                                                                                                              Entropy (8bit):4.322938270187311
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:FizaB32QhH8Ocuzwa5o4KQqkhJzyjz35UAlxlONyOopRQMVD:xNlWVv5zkCZjlxAqzQMVD
                                                                                                                                                                                                              MD5:D6F084EB3DB05BC7DE868C5A43266E22
                                                                                                                                                                                                              SHA1:31EDAEE1B293F2304AFEAA1F8DC655FAE8D97947
                                                                                                                                                                                                              SHA-256:D3144F66CA27D00ADD929B16A377EB4197BE80403F104FB577E48EE7CBB02A1A
                                                                                                                                                                                                              SHA-512:B4F2382A0473755FB495ECD00EBF3C4FAB00163BC07F2DDEC737E3358EE7F922399834416DE1C6A5AFAD47D68D1F3F10319F4DACA02D33BB232B99121F37C933
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// based on:..// Creating an uninstall script for an extension..// http://xulsolutions.blogspot.com/2006/07/creating-uninstall-script-for.html....const g_SWEETIM_EXTENSION_UUID = "{EEE6C361-6118-11DC-9C72-001320C79847}";....function simInitializeUninstallObserver(){.. .. logEnter();.. .. try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simAddAddonListener();.. }.. else{.. sim_g_UninstallObserver.register();.. }.. }catch(e){.. logSevere2(e);.. }..}....function simUninitializeUninstallObserver(){.. .. logEnter();.... try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simRemoveAddonListener();.. }.. else{.. sim_g_UninstallObserver.unregister();.. }.. }catch(e) {.. logSevere2(e);.. }..}....var sim_g_extensionManager = null;....// gets the extensions manager ("addons dialog")..function simGetExtensionsManang
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3189
                                                                                                                                                                                                              Entropy (8bit):4.859823909450792
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:yNLUXUmNLUdUoNLUuUhNLUYUGNLUbUxVGs+:y+km+Oo+5h+PG+IxVGs+
                                                                                                                                                                                                              MD5:626EC7868806436521619FFA2D4C43AE
                                                                                                                                                                                                              SHA1:7CC61D0CF2655750D4DE24A019EB68C49F24F9C3
                                                                                                                                                                                                              SHA-256:23A71210EAEE3F9CE45FA18C4066469D1D08246228999A32FDE68AB7A04A21ED
                                                                                                                                                                                                              SHA-512:A6C43FDB39890D82140DA955FCEDF33EAC0B1195ADE82A865C8DF4AE8397989C1696A400DAE5BBC38CC3AED590A041F1314C42E7B0DC5CB2A8A5C14AB914E46C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// geckgo version < param version..function simGeckoVersionLessThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) < 0) {.. result = true;.. }.. }.. else {.. logSevere("kCI.nsIXULAppInfo");.. }.. return result;..}....// geckgo version > param version..function simGeckoVersionGreaterThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) > 0) {.. result = true;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1864
                                                                                                                                                                                                              Entropy (8bit):4.240060812234503
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// globals, used for getting version in FF4..var sim_g_version = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.. // step 1.. // set global value.. sim_g_version = addon.version;.. // step 2.. // set evant.. sim_g_event.value = true;.. } catch (e) {.. logSevere2(e);.. }..}....function simGetVersionFromRDF() {.. .. var version = "";.. try {.. logEnter();.... var oDetails = null;.. oDetails = simGetAddonDetails();.. if (oDetails != null) {.. version = oDetails._version;.. }.. else {.. logWarning("oDetails != null");.. }.. }.. catch (e) {.. logSevere2(e);.. }.... return version;..}....function simUpdateVersionFromRDFInPrefs()..{.. try.. {.. var version = simGetVersionFromRDF();.. simSetConfigValue("version", version);.. }.. catch(e).. {.. logSevere2(e); ..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                              Entropy (8bit):4.159322508675548
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyEvent() {.. this.value = false;..}....// waits till the param event value is set to true..// returns true if event coccured, false if timeout reached..function simWaitForEvent(oMyEvent, timeout) {.... var result = null;.. try {.. var loops = 0; // used only for debug.. var start;.. var now;.. var elapsedMillSecs;.. var thread = kCC["@mozilla.org/thread-manager;1"].getService(kCI.nsIThreadManager).currentThread;.... // step 1.. // take snapshot of current time.. start = new Date();.... // step 2.. // while event not set to true.. while (oMyEvent.value != true) {.. loops++;.... // step 3.. // check if timeout elapesed.. now = new Date();.. elapsedMillSecs = now.getTime() - start.getTime();.. if (elapsedMillSecs > timeout) {.. // if timeout elapsed -> break.. result = false;.. br
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2992
                                                                                                                                                                                                              Entropy (8bit):4.687458025277307
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const WP_NOTIFY_STATE_NETWORK = Components.interfaces.nsIWebProgress.NOTIFY_STATE_NETWORK;..const WP_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const WPL_STATE_IS_NETWORK = Components.interfaces.nsIWebProgressListener.STATE_IS_NETWORK;..const WPL_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..const WPL_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const WPL_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;......//..// Object SIMWebProgressListener..//....// Listener which catches events when page is being loaded within a tab...function SIMWebProgressListener(tabId)..{.. if (!tabId).. {.. // get current tab id.. tabId = simGetSelectedTabId();.. if (tabId==null || tabId=="").. {.. logWarning("invalid tabId");.. }.....}.. this.tabId = tabId;..}....// Listener object - designe
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3226
                                                                                                                                                                                                              Entropy (8bit):4.968367102212091
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Start">..<!ENTITY sweetim.main_menu.search.label "SweetIM Suche">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Zu den SweetIM Foren gehen">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Hilfe">..<!ENTITY sweetim.main_menu.feedbcak.label "Feedback Schicken">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Kontaktieren Sie uns in allen Fragen rund um die SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Datenschutz">..<!ENTITY sweetim.main_menu.privacy.tooltip "Datenschutzinformationen zur SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Hier k.nnen Sie Ihre Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Cache
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                              Entropy (8bit):4.780426889876654
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Hervorhebung der Suchbegriffe auf dieser Seite umschalten..sweetim.property.button.highlight.disabled.tooltip=Text im Suchfeld eingeben um ihn hervorzuheben..sweetim.property.button.findword.tooltip=N.chstes Vorkommen von '%1$S' im aktuellen Dokument finden..sweetim.property.history=Chronik..sweetim.property.button.main_menu.tooltip=Zu SweetIM Suche gehen..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Men...sweetim.property.button.search.tooltip=Web-Suche..sweetim.property.button.search.dropmarker.tooltip=Klicken Sie zur Auswahl anderer Sucharten ..sweetim.property.menuitem.chevron.highlight.label=Highlights..sweetim.property.uninstall.title=%S deinstallieren..sweetim.property.uninstall.text=M.chten Sie die SweetIM Homepage und SweetIM Sucheinstellungen beibehalten, so dass Sie weiterhin schnellen Zugriff auf leistungsstarke Internetsuche genie.en k.nnen?..sweetim.property.searchguard.hp.caption=Homepage-Einstellunge
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3103
                                                                                                                                                                                                              Entropy (8bit):4.908927731948598
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Search">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Go to SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact Us">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contact us in all matters relating to SweetIM Toolbar for Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy Information">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Toolbar for Firefox privacy information">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Clear Cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "This will erase your cookies">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Clear Cache">..<!ENTITY sweetim.trackserase
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1535
                                                                                                                                                                                                              Entropy (8bit):4.634286586985755
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Toggle highlighting of search terms on this page..sweetim.property.button.highlight.disabled.tooltip=Enter text in the search box to highlight it..sweetim.property.button.findword.tooltip=Find next occurrence of '%1$S' in current document..sweetim.property.history=History..sweetim.property.button.main_menu.tooltip=Go to SweetIM search..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Search the Web..sweetim.property.button.search.dropmarker.tooltip=Click to select other search types..sweetim.property.menuitem.chevron.highlight.label=Highlight..sweetim.property.uninstall.title=Uninstall %S..sweetim.property.uninstall.text=Would you like to keep the SweetIM homepage and SweetIM search settings so you can continue enjoying quick access to powerful internet search?..sweetim.property.searchguard.hp.caption=Home page Settings Change..sweetim.property.searchguard.hp.message=Your default
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3363
                                                                                                                                                                                                              Entropy (8bit):4.953586806232814
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Inicio SweetIM">..<!ENTITY sweetim.main_menu.search.label "B.squeda SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Panel de mensajes SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ir a Foros SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Borrador de pistas">..<!ENTITY sweetim.main_menu.help.label "Ayuda">..<!ENTITY sweetim.main_menu.feedbcak.label "Cont.ctenos">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "P.ngase en contacto con nosotros en lo relacionado con la barra de herramientas SweetIM par Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informaci.n de privacidad">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informaci.n de privacidad para la barra de herramientas SweetIM para Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Borrar cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Borrar. sus cookies">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1805
                                                                                                                                                                                                              Entropy (8bit):4.692581821283924
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9zIxp2HNZB46N8vLcJxcyRIE2BZwuu39Aue1SXi9n4uevlXe9hue+:2IxiNZB4xvLMxvaK9AueN9n4ues9hue+
                                                                                                                                                                                                              MD5:390E575C828684329B97619EB451ED83
                                                                                                                                                                                                              SHA1:651CBB3F2C1C8A360CBAE4D00E77AD3FAF24A330
                                                                                                                                                                                                              SHA-256:67FD3B472B8243E1B101BA54427E78C0C3C0DCC1EE61E1389A6C0BFA70CE5A9C
                                                                                                                                                                                                              SHA-512:6F7BA65224DE94A5D388D6CAF23B544A95FBE9B059680743C2D48D979B4BAFD4D1A8897E2E97415E1D77AD8AD4ACC5952C981E757428730456714FFF81D5F571
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Alternar el resaltado de los t.rminos de b.squeda en esta p.gina..sweetim.property.button.highlight.disabled.tooltip=Introducir texto en el cuadro de b.squeda para resaltarlo..sweetim.property.button.findword.tooltip=Buscar la siguiente aparici.n de '%1$S' en este documento..sweetim.property.history=Historial..sweetim.property.button.main_menu.tooltip=Ir a b.squeda SweetIM Search..sweetim.property.button.main_menu.dropmarker.tooltip=Men. SweetIM ..sweetim.property.button.search.tooltip=Buscar en la web..sweetim.property.button.search.dropmarker.tooltip=Hacer clic para seleccionar otros tipos de b.squedas..sweetim.property.menuitem.chevron.highlight.label=Resaltar..sweetim.property.uninstall.title=Desinstalar %S..sweetim.property.uninstall.text=.Le gustar.a conservar la configuraci.n de la p.gina de inicio SweetIM y de b.squeda SweetIM de manera que pueda seguir disfrutando de un r.pido acceso a una potente b.squeda de Int
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3386
                                                                                                                                                                                                              Entropy (8bit):4.946143805128272
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:YUOGEF59RzwDJXc3Ga9jwTfBtVdgs5zglLXMa:gRzwDJCj8fwsIga
                                                                                                                                                                                                              MD5:4FA0C67A5376147914F61095F68FF413
                                                                                                                                                                                                              SHA1:467B3B262F1803CF4CB11F0DF1189305CCA6493C
                                                                                                                                                                                                              SHA-256:38A9AAE24ABCF3ED24EA64E8A1A3831DA557C6B60582A70E3973E4F78B97E8A3
                                                                                                                                                                                                              SHA-512:A53D7BE419CE82A65314FF5404F51CAA9DBDDD999D0B4315095FDFBBCF2E33A2FF26750E39913BD52E15CEF557F26A9076CB2B6DA6394884B8D37093C2865622
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Accueil SweetIM">..<!ENTITY sweetim.main_menu.search.label "Rerchercher dans SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Forum SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Aller aux forums SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Effacer mes traces">..<!ENTITY sweetim.main_menu.help.label "Aide">..<!ENTITY sweetim.main_menu.feedbcak.label "Contactez-nous">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contactez-nous pour toutes les questions li.es . la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Charte de confidentialit.">..<!ENTITY sweetim.main_menu.privacy.tooltip "Charte de confidentialit. sur la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Effacer les cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Ceci effacera vos cookies">..<!ENTITY sweetim.trackser
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1943
                                                                                                                                                                                                              Entropy (8bit):4.7702687098251415
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9Zk52rt7rzISjGKvkN9wqXvljqrKAYsjHZTCQAKYWYaPpT4QPOD0YWIKWl:0NtcSjRvCvljqm+1aaXPYK+
                                                                                                                                                                                                              MD5:4431C2790194EF7E437143F23CDC29E4
                                                                                                                                                                                                              SHA1:7BF58B987029638CF9DE413DC2086E842F429290
                                                                                                                                                                                                              SHA-256:BD64BB1D5964DDA5DCCC0E25ED26C51A10F6F3393DC8F608B7C1EC6F51B352E8
                                                                                                                                                                                                              SHA-512:0C72707E11613C8D3F4794B3FAC82D8CBFC8F1825BA721B5D08F5B718B5CEC8735FE0CA5C9886297F8EAA02189BC08A7A83E5AA030F48545177BFD5B10D91487
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Activer/d.sactiver le surlignage des mots recherch.s sur cette page..sweetim.property.button.highlight.disabled.tooltip=Saisir le texte dans la fen.tre de recherche pour le surligner..sweetim.property.button.findword.tooltip=Rechercher l.occurrence suivante de '%1$S' dans le document actuel..sweetim.property.history=Historique..sweetim.property.button.main_menu.tooltip=Aller . la recherche SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Rechercher sur le Web..sweetim.property.button.search.dropmarker.tooltip=Cliquer pour choisir d'autres types de recherche..sweetim.property.menuitem.chevron.highlight.label=Surligner..sweetim.property.uninstall.title=D.sinstallation de %S..sweetim.property.uninstall.text=Souhaitez-vous conserver la page d.accueil SweetIM et les param.tres de recherche SweetIM afin de continuer . profiter d.un acc.s rapide . une recherche In
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3350
                                                                                                                                                                                                              Entropy (8bit):4.8917769951145
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:IfLNtmvDvLn05w5rzbQryFfDCBJvfToBep+ILYMa:IKbTn05wZzbQGVevcBlITa
                                                                                                                                                                                                              MD5:7AEE63481187ECEE6DB55617A6B75C56
                                                                                                                                                                                                              SHA1:77323755C9533660E759681FBDAEAB3175AA1886
                                                                                                                                                                                                              SHA-256:AD9DC46F37E945240BD28DCE8F0B7E930DBDE6071658A7D1CF2A77C2D1AA8685
                                                                                                                                                                                                              SHA-512:B412F7AFB983D5DB746A3FBEA849D8D6551D5CB632325E2574DFD6FEBADBFA17C0FAD8E7BF2E508BC409C330A28F8270BBCE45FFA43B3C5A145C3048DD64C572
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "Cerca con SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Area messaggi SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Vai ai forum SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Cancella tracce navigazione">..<!ENTITY sweetim.main_menu.help.label "Aiuto">..<!ENTITY sweetim.main_menu.feedbcak.label "Invia commenti">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contattaci per qualsiasi problema/quesito relativo alla barra degli strumenti SweetIM per Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informazioni sulla privacy">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informazioni sulla privacy della barra SweetIM per Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cancella cookie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "L'operazione canceller. i cookie">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1607
                                                                                                                                                                                                              Entropy (8bit):4.584285505783685
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9YN2z/BC7vGlvPljRuq67EVhocEzZGwPFuOpEhoPyY7L:7uiv2vx0q6Q/oLz9OoqY7L
                                                                                                                                                                                                              MD5:E812535CE93B3877F4414DADF040B5F3
                                                                                                                                                                                                              SHA1:2D99203C28D900F4A891D7F0AC1C3B2B12168714
                                                                                                                                                                                                              SHA-256:4E8785F17DBEA4756212BD7705E98DA81A8D850F083E0ED0D97F83370DDCF101
                                                                                                                                                                                                              SHA-512:CED8B831D8117127F593FDB60EB24B7F96AED1E1E5B867886D4BBDC6F127D1B1F8E5413254802B2037537DAE913900877114FE51BC1D8D8A6218192142622BBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Attiva l'evidenziazione dei termini della ricerca su questa pagina..sweetim.property.button.highlight.disabled.tooltip=Inserisci il testo nella casella della ricerca per evidenziarlo..sweetim.property.button.findword.tooltip=Trova la successiva occorrenza di '%1$S' nel documento attuale..sweetim.property.history=Storico..sweetim.property.button.main_menu.tooltip=Vai a Cerca con SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Cerca nel web..sweetim.property.button.search.dropmarker.tooltip=Fai clic per selezionare altri tipi di ricerca..sweetim.property.menuitem.chevron.highlight.label=Evidenzia..sweetim.property.uninstall.title=Disinstalla %S..sweetim.property.uninstall.text=Vuoi salvare la home page SweetIM e le impostazioni di ricerca SweetIM per accedere rapidamente alla nostra potente ricerca Internet?..sweetim.property.searchguard.hp.caption=Cambio impostazioni Home
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3273
                                                                                                                                                                                                              Entropy (8bit):4.947891556350373
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:f2r110JZGwl/a61lQsO1zscYDB0wyPzoSH51UJ+MOl7T+RisLcyFQLtl6WyI76DD:f2rICoEzTq0wyZ1g+fl7TBsaVVm/Lv
                                                                                                                                                                                                              MD5:01AC12BC348313FC5737F0C433088AD5
                                                                                                                                                                                                              SHA1:5C3F83C74ED43303D2A45070237911823DC06624
                                                                                                                                                                                                              SHA-256:B24408110B993F10E2205EA02E71EE66F5D5416304AFE1445F817B956B61A737
                                                                                                                                                                                                              SHA-512:3A0C823819BE7AEA64CC418A583B2974CA35D27573375028F386AEF1473088F172B4582C742C216736338C3126059B6A1457C5DADCAFED0940DF4422E5CE7FDC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Zoekfunctie">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Mededelingenbord">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ga naar SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Sporenuitwisser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact-informatie">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Neem contact met ons op over alles wat te maken heeft met SweetIM Taakbalk voor Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy informatie">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Taakbalk voor Firefox privacy-informatie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Verwijder cookies ">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Dit zal uw cookies wissen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Ve
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1692
                                                                                                                                                                                                              Entropy (8bit):4.595629503022333
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9R2Xa+CgtWLmDvCwu0D+34bIcgPsVrPbjhgMhgPBQqPpTkg:s5gtgIvnD+tLgbrSTdkg
                                                                                                                                                                                                              MD5:582BEFD8357EB62BD9ADA8CA3F4D3E02
                                                                                                                                                                                                              SHA1:C6F8C959A779F90C99947956E1F38CA1429D08D5
                                                                                                                                                                                                              SHA-256:68513E080CD6D3B3CC9B1D55E5A3EFC40D341E6B7E2C29392A3C0AE046E20BB6
                                                                                                                                                                                                              SHA-512:FA4E7D22912E20ACC1B23214A60C343EA88DA0A20860F061599EE3113D2077964BF356B7ED5028D735911CB942D6359ADF81268BAA28B86AA0CF350F4C280618
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Markeren van in- en uitschakelen van zoekonderwerpen op deze pagina..sweetim.property.button.highlight.disabled.tooltip=Voer tekst in bij de zoekbox om die te markeren..sweetim.property.button.findword.tooltip=Vind de volgende keer dat het '%1$S' voorkomt in het huidige document..sweetim.property.history=Geschiedenis..sweetim.property.button.main_menu.tooltip=Ga naar de SweetIM zoekfuntie..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Zoek op het web..sweetim.property.button.search.dropmarker.tooltip=Klik voor het kiezen van andere zoekfuncties..sweetim.property.menuitem.chevron.highlight.label=Markeer..sweetim.property.uninstall.title=%S de-installeren..sweetim.property.uninstall.text=Zou je de SweetIM homepage en SweetIM-zoekinstellingen willen bewaren, zodat je plezier kunt blijven hebben van een snelle toegang tot een krachtige internet-zoekfunctie?..sweetim.property.search
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4706
                                                                                                                                                                                                              Entropy (8bit):7.939609866150524
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTLTT3Aau8Z3pqoMN4t4qDhV6c:nSDS0tKg9E05TLTTHu8E4t4qDrl
                                                                                                                                                                                                              MD5:72C9881C090F7C954451691AEC0266D2
                                                                                                                                                                                                              SHA1:E0572385B740CAD95B8471A77CF1384A8A4EC687
                                                                                                                                                                                                              SHA-256:510F120EFE2F234C3662020143BC9F606EABCFCB80C901D53EA8BCA753A27E92
                                                                                                                                                                                                              SHA-512:C6A1B65EAEF3C1A3A49A53024F7E4AD898286A2AF8D779E6088B54E95C06616570D39CBCE202E48C59A05224AE41BF8AC66778B4248ED319E6F36A0FEF9FA2E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4513
                                                                                                                                                                                                              Entropy (8bit):7.923205264207793
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTJlJ0NDxK+muSJyXnmlqsOc:nSDS0tKg9E05TbaDxLmuuyXmYsOc
                                                                                                                                                                                                              MD5:A75E7B7FB7225134A01B01C6985086C3
                                                                                                                                                                                                              SHA1:C18649F3DC4CFD551CD861FFAFAB51B98B8CBCE8
                                                                                                                                                                                                              SHA-256:000D8E36A1D432D6F6C182D41DEADB3F3B051CC5C5B32AFCAC6B3A80C4D802EA
                                                                                                                                                                                                              SHA-512:590812B335FB7AC128AEB4012960377AB2E2FC1D03A1418287DDFE074874B9C12D0D76F021126EC7FB06668281C2E91ADB678DB4B3B49E612D3BE74E954DA52F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):318
                                                                                                                                                                                                              Entropy (8bit):6.864702191037678
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPmNp1ZsRgPkHK9SQQxL95uLcIR5lgxmWZ2/vFvgUl7dp:6v/7uNpLmgPe4SQQL9+lggWM/NDz
                                                                                                                                                                                                              MD5:CAF9A4DFDDFD2568B37781AFB55DF16D
                                                                                                                                                                                                              SHA1:60405FE8FE085DC0062B77450A9CE9049552AACB
                                                                                                                                                                                                              SHA-256:05F666FCBD4A108C0DFAEE4BFA0414294694014C35E0603A2E944182C6DA7F2E
                                                                                                                                                                                                              SHA-512:73F133C02944F6FBEB2CD2DD142E2A2808017A1C8153AF8DB2B47143A2BCBFE0FA8E9FFBCC1DA84DC544D8E14FDAF8B34FC1EFF89E60792E84A780D28C32CD38
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3279
                                                                                                                                                                                                              Entropy (8bit):7.900863279277824
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:CXHt+JcNgOSiS4XsAYNpf2ESN5B6Ee1rEV:2oONgOLPXsAYnIB6Ee1G
                                                                                                                                                                                                              MD5:55FE3A0B1E9F8B4FDB84FC3E206276A2
                                                                                                                                                                                                              SHA1:669B6C3560552027D0C7E4737E1703E52A7D77C0
                                                                                                                                                                                                              SHA-256:5E443B66113C0ED5D2B49EA60E681D9D8B561798ED60C8E53441E63250740E6D
                                                                                                                                                                                                              SHA-512:85E3FBBDE3444D3E8304CA490A9A251D92AE575FE2A0B9A6DE9E86952D958ADF648C106C5DC929B3B2EE2D44114FAEE23635BD57AFEE54F9455FC6A5E642CE5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3287
                                                                                                                                                                                                              Entropy (8bit):7.891546537282907
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODRqVwJkvMG:bSDZ/I09Da01l+gmkyTt6Hk8nTUwCvMG
                                                                                                                                                                                                              MD5:A143CA61BD925BF5831EE74BDDDF1DA4
                                                                                                                                                                                                              SHA1:D0E822D6BACEA7F506481037176E04457D719DC5
                                                                                                                                                                                                              SHA-256:54B97C1D6C6F4D704D16C953FE100D4453FC5592FD9EF5AFB33260890FDB0618
                                                                                                                                                                                                              SHA-512:104544409128871B258B9623E942F07E37CF485C5A3EB3AF0EC8BC99E0D5C756D236F2F63BB267DACA87F6D2DCC0DE03F62C99AB73BC048A0660A80B87A3F308
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3410
                                                                                                                                                                                                              Entropy (8bit):7.894828125786389
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTBqBXTmTIDY:bSDS0tKg9E05TB
                                                                                                                                                                                                              MD5:E1A82CF04E37B212A2843D9967FC12C4
                                                                                                                                                                                                              SHA1:F096383C90B7C3A8A397671A2E96F81C2958FB0B
                                                                                                                                                                                                              SHA-256:B866837AB746FAFF5D2C6201A270CECC14D7A57A311ABE5AEA4D32C7E02A1CA8
                                                                                                                                                                                                              SHA-512:965FD8C91B4FFE9D0FEFF9FF416057C9651F05A34FCBCF7EB2B4B15F1B36C01C2DF2E169483BC545CDDBF8478ADCA89298E8A4EF7F344BF2AB7170D058C21AC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3371
                                                                                                                                                                                                              Entropy (8bit):7.896512358734088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTMdfMVRfAQNq:bSDS0tKg9E05TOfM3fNq
                                                                                                                                                                                                              MD5:148C71F4C4A537A1F286ED3F40D39ADB
                                                                                                                                                                                                              SHA1:9FFDA4FBE2C432191B94A7E71A0295899513AC41
                                                                                                                                                                                                              SHA-256:AF8F54A2730DE3323D559A0D0D4272598BA2F13865C2620152AA4E78037E2048
                                                                                                                                                                                                              SHA-512:8B6B397BEC1DA5EA85E04DB3C0C4E6EB4F9DC4EDC1760EF5FDC62B970182BE4F2E61C391038F71D9F89583CCAF4786EE9CE6039C0E595CCD783C86636750BCB2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3341
                                                                                                                                                                                                              Entropy (8bit):7.887714626414327
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nT2SDZ/I09Da01l+gmkyTt6Hk8nTno/AW0QE+H:T2SDS0tKg9E05TnoIy
                                                                                                                                                                                                              MD5:A66632B80FC122541E246BAD41A3E0EE
                                                                                                                                                                                                              SHA1:2BACE9CCC0D1E4BBDF578755718FB61E60190AB7
                                                                                                                                                                                                              SHA-256:8257229ACA8F9E1BA64A9D881A16817B216A429867E7FB9DF7D15915663B7E67
                                                                                                                                                                                                              SHA-512:0E2F088B7E681C5172548A57F5D175701F9873B8D56ADB06ED633A724AE94FA6E659D80A3A9BFC9FCDF59B311E6CB5A85513FE47DF33A2025073F95A88830BDF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3217
                                                                                                                                                                                                              Entropy (8bit):7.892286714994252
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTgQCZuEaGOo2:bSDS0tKg9E05TqZaGc
                                                                                                                                                                                                              MD5:DC3494FFF24914D9D2D021BD8D25D6DD
                                                                                                                                                                                                              SHA1:D291D3FFE012D546353FEAA032DE8F427B37C5A5
                                                                                                                                                                                                              SHA-256:974907293EC367914CDAE7AA701000790AC63F1AFE977E06F3A16D4DA37932A5
                                                                                                                                                                                                              SHA-512:2E8612ACCB12FB144C4C656C9664123A68311C115960DD9AA91CF344C6A7ED73C4574E916DD2FB4B56560C3897A39C128F280A5DA1182E0B48DF8A6FA41B8EC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3216
                                                                                                                                                                                                              Entropy (8bit):7.8906601217003995
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODhn1aYaZe3:bSDZ/I09Da01l+gmkyTt6Hk8nTJ11aZu
                                                                                                                                                                                                              MD5:29D046A3F81292EE314864085A63FF81
                                                                                                                                                                                                              SHA1:9B6B8A5E556B475E2E18CE6875D9561AF07DF37C
                                                                                                                                                                                                              SHA-256:B5B6674E9D6CA9441C93D1F14C1203C75DCD3F756C8AB990FB736EB8EA02D1AC
                                                                                                                                                                                                              SHA-512:93933BF98A7E2ADDE07218FF71339386A40D42C55CFDDFBAFB77C8720370999E5276007B1BF1D775D9EB0397A66A34776E081966A4FD0EBED59A1B0E086CC2B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3239
                                                                                                                                                                                                              Entropy (8bit):7.888643295675962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODCRALs03pS:bSDZ/I09Da01l+gmkyTt6Hk8nTdLNZi
                                                                                                                                                                                                              MD5:28FDADB259A8077E09F442CA8EE1FFE5
                                                                                                                                                                                                              SHA1:9F93FD60CFC263758E2893813FC2EBD2AC3BB352
                                                                                                                                                                                                              SHA-256:9B519A9E1A1B17921268F552120BEE46DCBBC0BAA8BD888524BE0F7278172F6A
                                                                                                                                                                                                              SHA-512:E5926D42E2C79DFE415132156CADE34830B98F81D359F8AF2272F7B0B723C93770AA40F4478545ED01F7C4D23B051700641E33F36ACDF8C7E4736B0BA0102F50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                              Entropy (8bit):7.7115682629611495
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7iMXQbYxUmLXrR83gsck25T8crr2vU3w9lFKms5QQjsa7mwetd2xJ+qjsq+Ka:BbYxUmLXd83RMBwl9g6wo5q/+Kdpi
                                                                                                                                                                                                              MD5:CE93245253E7D87992B0BA17501BCCCE
                                                                                                                                                                                                              SHA1:EB886BDAD9250A51E1DC7C3E46E34AEA684253D0
                                                                                                                                                                                                              SHA-256:CC355E7C9F6C28CA686489EC62307BDA4BBC580D7479794B9080F48E8D1B288D
                                                                                                                                                                                                              SHA-512:CB1FB5E8F26542D22194970CCCDF575780E0D29710576DA925E03A0140FCDB443A58A8CCC0F6993968F0FADFA69D2BC2CA708AA002565A24E5D0E68A7631E6AC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3352
                                                                                                                                                                                                              Entropy (8bit):7.8931164626831265
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD8T/BbqEhZ:bSDZ/I09Da01l+gmkyTt6Hk8nToqeGM
                                                                                                                                                                                                              MD5:3D5838DF2B73465BAE62A24C4227B8DA
                                                                                                                                                                                                              SHA1:6DBC88054A5CEBC0BD528965E232ECA12B7FF841
                                                                                                                                                                                                              SHA-256:910F08F5D49FE7D48E4C04E2A2872B67E5210A16AD10611D89D23009A58AE225
                                                                                                                                                                                                              SHA-512:D6DCE4ACE8CC5823A2E54265D9207C37D84A2D5F43B57E0EBE4BB08C2EC051F507730B46F0F5AD3B90E13DB6C7D4DB1946F0FD3A7B25A5EC14A92769CCB40772
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):969
                                                                                                                                                                                                              Entropy (8bit):7.762222484405286
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:H99+nx2odKpOu5EoaHoA4JtF7yq3W4T9bx+Z6JEGY:d8x2odKpOmZ6rStF75m4Txx+ZaEGY
                                                                                                                                                                                                              MD5:6CCA94CDF2EB6A5FF419733DF8E89C8B
                                                                                                                                                                                                              SHA1:9B53E137FE7C6FE398403EED10CBFEE303CC2A83
                                                                                                                                                                                                              SHA-256:5F424A3EE5FE6892ECB699ECC07D21A8749166FD5356E6AAFBF6564B0DD0B3F3
                                                                                                                                                                                                              SHA-512:C1D45F195837E4AD1BF78F1BF5A7C418734E69D4C477D807ED34B034E079B35127757E3F29B8725070C4C93063574155A031E88E50CDECA93FF1B6789E85D2ED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3432
                                                                                                                                                                                                              Entropy (8bit):7.890811683389906
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTix2NsDd3:bSDS0tKg9E05TiAgd3
                                                                                                                                                                                                              MD5:3326F38F67E138CD40DF3036A6309F63
                                                                                                                                                                                                              SHA1:8371BACE6C48FC5AF719000E91A627F6DC0CE3AC
                                                                                                                                                                                                              SHA-256:A86EB86BE5BA9BEEA0C3303447F4BAFFF2A8BD49AC2D245F3759C31DE52018FC
                                                                                                                                                                                                              SHA-512:672FD5BDD4753F3E8EB9A30B25E18EA7231DE7208C217E9D55F3A34A794B27626C290E581418229982DEDE7975D21C46E3E9B32F265BCAC8B2FBA56926B5C841
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):784
                                                                                                                                                                                                              Entropy (8bit):7.695743284796664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72rnSuDO0xkvVXUTDkIPr5vDeQNMV5PhSEbsqs9GaWzL6gsp2xkIoKzxV7:3SkO02dkTD3Pr5vEQI6L2+IoKF
                                                                                                                                                                                                              MD5:7D4CAAD7B62C2F69274E585D326D2A91
                                                                                                                                                                                                              SHA1:815175D8C54D86B622873FD152BDE7482B6B83D8
                                                                                                                                                                                                              SHA-256:8EF5C62F599935ED9448258366E2DCB209338870B902D803F20081494FE46E51
                                                                                                                                                                                                              SHA-512:5FB3D260220150F1461577287D5D273482207F4CDE362391FE81C643C113A598B440A413B35DDD6520DF55B2AB2C3EDB8A24B2EC2AD681FEAC6C382192A31789
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3248
                                                                                                                                                                                                              Entropy (8bit):7.891399431000833
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nT5c656Pp:bSDS0tKg9E05T5cy6B
                                                                                                                                                                                                              MD5:C9E37BF72E41F4266CD7BDC875EA61BE
                                                                                                                                                                                                              SHA1:5D808714D82BC227D2B2F973540B2374D3212367
                                                                                                                                                                                                              SHA-256:88CC5CFDD1B66EDC992A9A348634C641A49626EB06116C1247E349DF5089140B
                                                                                                                                                                                                              SHA-512:DBBAFEAC3A52A2F9CC2E69D7E95CF5D0EE6DEA12E42DA4C3DCB7FD1E754CF9B24D2D31309A529885537EB46C14342965C3AD184D606800773D2B481C94E74F7C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3056
                                                                                                                                                                                                              Entropy (8bit):7.8853902232584545
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Q/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD5d101/hu7:QSDZ/I09Da01l+gmkyTt6Hk8nT5Q1JVO
                                                                                                                                                                                                              MD5:AEF0A911384F19305EA555EE444D37BC
                                                                                                                                                                                                              SHA1:5EA082A01AF0E52F12EF89B0D675426C8608B581
                                                                                                                                                                                                              SHA-256:68AFC90D338327ABCAC854A19D8C81EB1F9AA4AE7BFB1F53DBBDE899B4FC9E64
                                                                                                                                                                                                              SHA-512:4A669417979F96D72D0E8CC930E48C3F30C4DE4797C525D21CFCBA5C4D02588C804BA30F03595949E8C4C61B67D712D67E96AA2095EE81AC9EE4F4AE03D1FB27
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4994
                                                                                                                                                                                                              Entropy (8bit):5.055953897720054
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:NHpNbWeC/ElNLI/Qdyc04k4bOoz+Vfh1+4FsXC8Y+b1Ska:NHrS5WNL6Td4k4bOog7+4FsSmpSt
                                                                                                                                                                                                              MD5:73B01090E40193CC727A5FDC58A87FB8
                                                                                                                                                                                                              SHA1:6E1A8174F945A280F7D56B3099206ADAF04D2532
                                                                                                                                                                                                              SHA-256:B60F9FB3F97751D5D05C32DC3F2A417BC086ADE2F7C229D2F95CCD574A8042A2
                                                                                                                                                                                                              SHA-512:C3851B64AE8D3A0BE72EF2ED3C5B700D379A5CCD9FAECBF7F6E5EBC2A80EDF73A38C6FC88F14672B1CD0FDB13DAE409EC0A00970E5946E05EA58B5D1A06E7C04
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");..@namespace html url("http://www.w3.org/1999/xhtml");..@namespace xbl url("http://www.mozilla.org/xbl");......#sim_main_menu_btn_id {.. list-style-image: url("chrome://sweetim-toolbar/skin/logo.png");..}....#sim_search_btn_id ..{.. list-style-image: url("chrome://sweetim-toolbar/skin/web-search-button-glass.png");.. -moz-appearance: none !important;.. -moz-box-orient: horizontal !important;.. /* color for FF 3.6 and later*/.. /*background: -moz-linear-gradient(top, red,yellow,yellow,orange) !important;*/.. background-image: url("chrome://sweetim-toolbar/skin/web-search-button-bg.png");.. -moz-border-radius: 4px;.. border-width: 1px !important;.. border-color: ThreeDShadow !important;.. border-style: solid;.. color: -moz-Text !important;.. font-weight: bold;.. margin-top: 2px !important;.. margin-bottom: 2px !important;.. padding-left: 4px !important;.. pa
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):869
                                                                                                                                                                                                              Entropy (8bit):7.724749684662738
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72uhawVsXDd8HrtpLae7I6TeRg7EGrhLADjCznC9c9qtpMaPhvGklVV5KSChX:6aZXAr+jQUg4GrhLUjCLC9lP4G5KS8X
                                                                                                                                                                                                              MD5:920D3D7C15F7AB6E00F2A8C3593CA86C
                                                                                                                                                                                                              SHA1:74147628E2FCF44B2AF427A67DBE6278E8784416
                                                                                                                                                                                                              SHA-256:8D53BA3EF30AA548B8B5870EBF264863AB28BFB28BA0338337EA81FB10E931D0
                                                                                                                                                                                                              SHA-512:6108CE806BA0210A00A8250EBA0A74AAF9934F000C1EEC6E4750068A46EF4447D275C0A89053933B4E3ACE6529F5425D7F0ABBD7F8C2DDE4961A5FA32E9C0F88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):976
                                                                                                                                                                                                              Entropy (8bit):2.7857896514822174
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhP0ul0+wP6fn7FmT/2NA39NF3wKuNR431pXp:6v/7RyP6n7FmqC9/3luNR61T
                                                                                                                                                                                                              MD5:B1E5876DB65289C13C4977F89810E8A3
                                                                                                                                                                                                              SHA1:1060397CE54CD3F14D37263D0BB87A502F18F300
                                                                                                                                                                                                              SHA-256:F238F4D203FC49E5F80F63F98937F0D599CEFC6C8DE8318F08592BCD88B21D18
                                                                                                                                                                                                              SHA-512:B0247636B355B68576AAE88179D3D5A8B8507203D714DC4284748C98C21F9082A0C04CD6B9333699ADE661BEE58EFB2F554FB9004D4876E2BF6659749E07B1B6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):981
                                                                                                                                                                                                              Entropy (8bit):2.888407959176497
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7RIy6QksPeAbLJ7G9vcC37KT1ZlyT7NV:dyxAAHJgEO7KbwTRV
                                                                                                                                                                                                              MD5:496F02D84BDCBF2EEF447CA153D1896D
                                                                                                                                                                                                              SHA1:9500DF7258DD9112C24D54772D550E26739EC2A5
                                                                                                                                                                                                              SHA-256:04FD558E122BDD2E2D40AE2BCBB82FAE73F5C9BCB19DED56BDD6C1DD39355B8F
                                                                                                                                                                                                              SHA-512:AA49E9FB7B6255E2EDB72754EFB62C08CA486378824DCF349305B625B9B7731321D12FED396833467A7B5AE231BAF2B5BBF400F51C9D5D72B0DEC2497EE4BB95
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):808
                                                                                                                                                                                                              Entropy (8bit):7.5250979472444355
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7fwb9aXjZ9t8epIzfIgZsZQc8PXbfTNKmJ6SXE8CBxkuDCfwwxxnXNWxUec:Db9azftTaIZQrbf4mJxXEJ4f3xnXL
                                                                                                                                                                                                              MD5:6863D0B8DD6CB1DAA8F024340EBEF2EC
                                                                                                                                                                                                              SHA1:153107E528C2531A48F3297171A94A6172F4B5D3
                                                                                                                                                                                                              SHA-256:AA79352FEDB4FC20672861188C1D241EFD5236937978EBA04878F6AF5732791F
                                                                                                                                                                                                              SHA-512:EBE4F11A56497EA51546EF581D84705298B0C54DDEF801B14CA754572545134C61C32D3A118A9BF45A68E09F0452D8D8F2F86BE32CB5CAC307B6042A791CA15E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3337
                                                                                                                                                                                                              Entropy (8bit):7.886640514351696
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTt/4E/TS:bSDS0tKg9E05T/S
                                                                                                                                                                                                              MD5:3E2E639063054CCB59DB68C2A9243AFB
                                                                                                                                                                                                              SHA1:FD9461012CFA0ABD8333645E6A55B87DC5AC6537
                                                                                                                                                                                                              SHA-256:5D79D48F3FC4EEEF3A8C46FEF30DF602BE257730F841B99BECE79F7D9356D7E6
                                                                                                                                                                                                              SHA-512:730CF2834D48BDDA697E580064DAE1060D057A9F39D33C8A632D790F7E0B3097DD70421E31C09D33A914E763CB1C39E2C75554D8F6B4EB11B45A8962E8FBBA37
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442
                                                                                                                                                                                                              Entropy (8bit):7.104637400753022
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/78f2s/6T6is1kJ4nnQmCOZBw4r9Ah/kmZscG2E3d:Z2s/6WR1KcnQcF9csmGF3d
                                                                                                                                                                                                              MD5:F64113435D357717C72EBF0E86B317E6
                                                                                                                                                                                                              SHA1:85CA037F08378619D4322A7F4EDBB5FC55AEFC5E
                                                                                                                                                                                                              SHA-256:A3DB26273631B16D9F68100C2C8B9096C899B320AE2C3EE787D31D6DBC0826E9
                                                                                                                                                                                                              SHA-512:F7B60E594EFFDD05E84C8583F205A32BFB87BB4CB084F0B49FDEAF5797B4128AA4B2D72A7FB1FB4FC112CAFF1958C1632E19ED658C564727656604746BECF616
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9648
                                                                                                                                                                                                              Entropy (8bit):4.9386302416157895
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:BJYDxEranuKJKKgbK7dAKyK+i2vRJx7fhhg9pJt1dR0M5:BJegKkKgbK76KyKQJxlhq5
                                                                                                                                                                                                              MD5:C646B5F72E465DD579A4485EBD5518E5
                                                                                                                                                                                                              SHA1:0696375F062FCED5BBB07146D3B21B319B19E862
                                                                                                                                                                                                              SHA-256:9413FD6BF893C926EB6D6908E494A1BB710EA8A9CEA355011D5E3C4249D63F32
                                                                                                                                                                                                              SHA-512:6E1C68587441512974EE6B2654FB05D59D571343234B0EDC3069AD7A5E3D96DEB4751BB18881C799CEE9121D14BB98E95694AB81D849C7D86042F09023153CAB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// original file:..// "How to implement custom autocomplete search component"..// http://developer.mozilla.org/en/docs/How_to_implement_custom_autocomplete_search_component....// logs an exception..function logException(e)..{.. var message;.. message = "Exception:";.. .. if (e.name).. message += ", name=" + e.name;.. if (e.message).. message += ", message=" + e.message;.. if (e.number).. message += ", number=" + e.number;.. if (e.lineNumber).. message += ", lineNumber=" + e.lineNumber;.. if (e.stack).. message += ", stack=" + e.stack; .. .. if (!e.message).. message += ", full=" + e.toString();.. // dump(message);..}....// load external JS files...// the component is loaded in different namespace than browser..// (e.g. "gBrowser" is not defined here), so we _dont_ need to explictly load it in..// a dedicated namespace object, as done in main.js..var loader = null;..try{.. loader = Components.classes["@mozi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1630
                                                                                                                                                                                                              Entropy (8bit):5.50969037695185
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:kYH7siLPNKP4p9LN4peoVAHd7wORaN008mZ863VA:bHfDQelSOMNH8Ue
                                                                                                                                                                                                              MD5:C2DD6535605B8AECA43BCBF777F96262
                                                                                                                                                                                                              SHA1:1A037398321F63475887809CD2E1A4A92036DC98
                                                                                                                                                                                                              SHA-256:C3541B4C8C083B134158D839BF5348204E02C48546FB88B4A9933506DE6B5DA3
                                                                                                                                                                                                              SHA-512:84A4B20FE3B354F33F0023F21BB264095F4CE16830D18A0FA24B967E9E974B9D57AA4135E97B6599053DFAB6CCAAB8681956FF2E590E9A9567FA5D3B8A22ECD8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#".. xmlns:em="http://www.mozilla.org/2004/em-rdf#">.... <Description about="urn:mozilla:install-manifest">.... Required Items -->.. <em:id>{EEE6C361-6118-11DC-9C72-001320C79847}</em:id>.. <em:name>SweetIM Toolbar for Firefox</em:name>.. <em:version>1.3.0.1</em:version>..... Firefox -->.. <em:targetApplication>.. <Description>.. <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>.. <em:minVersion>2.0.0.0</em:minVersion>.. <em:maxVersion>7.0.*</em:maxVersion>.. </Description>.. </em:targetApplication>.... Optional Items -->.. <em:creator>SweetIM Technologies LTD.</em:creator>.. <em:description>all about fun</em:description>.. <em:iconURL>chrome://sweetim-toolbar/skin/logo_32x32.png</em:iconURL>.. <em:homepageURL>http://www.sweetim.com</em:homepa
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF, LF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10165
                                                                                                                                                                                                              Entropy (8bit):5.509149856198788
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJShcW:yegqumcwQ8cW
                                                                                                                                                                                                              MD5:A35916A243C1D7D26270012A4D4E1A47
                                                                                                                                                                                                              SHA1:08007DF6066A75CE3EEB3BB4C8617A6E0650CDBB
                                                                                                                                                                                                              SHA-256:1FE0D7A5296C1916F2F7866D8A343A4DA20183353B811F60249D8CE3A09750A8
                                                                                                                                                                                                              SHA-512:61D8F0C4741F368E8824BD569E9AA452C85C7EE85D07AEBF36D033B05C6464C2B567D92300739E5C261FC0E104BF730E0AB206927ACE0A530553E15144DB9E2E
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3547), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3915
                                                                                                                                                                                                              Entropy (8bit):4.5039484079313326
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:65Vc7FggKebtnL/6q0P7ETojlQXdMdnL2DD:6nc7VKStnT6DxhSDD
                                                                                                                                                                                                              MD5:EF691DD0310399372EAD6FACEEDBE1BB
                                                                                                                                                                                                              SHA1:4F1FA12B9751F78D8B3BF648AEB72C8AC2AB069D
                                                                                                                                                                                                              SHA-256:75E16E17C0299FD6BA42BB0BA8C8AA465634D6395C8DBAEC6E97066468C22AC1
                                                                                                                                                                                                              SHA-512:370EB8D795AB0B676D45602D8750193D795CF455C5492062B6475579EC52BA817A4138A51829EDF028E52DAA216B63B93A7FEDABB552907E0BA0C8A15AFD2A4E
                                                                                                                                                                                                              Malicious:true
Preview:<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">...<ShortName>SweetIM Search</ShortName>...<Description>Use SweetIM to search the Web.</Description>...<InputEncoding>UTF-8</InputEncoding>.. <Image width="16" height="16">data:image/x-icon;base64,
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13547
                                                                                                                                                                                                              Entropy (8bit):5.600589013116383
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9ycDu2ADT0g95uCs/GJVzbix/urF8g1YDLbax6kTTLSh:93C2A30g95js/GJFk2N1YDLb+l+
                                                                                                                                                                                                              MD5:810FA593D44397BD13FEB001B684EAE2
                                                                                                                                                                                                              SHA1:8223EFAA0D30A289A20B864CA1FC622852AB8201
                                                                                                                                                                                                              SHA-256:35A08311303FA255B0A9793F438C1229FF9DF946E759D52646093727007DD82E
                                                                                                                                                                                                              SHA-512:42008E31A4370D4A94B3F6FA0CF985341EE9E12D850AD06EC7379B6A71814F094F76075894A486756A3BC0B21F4FD54B6710813CE0A8ABC2612CF2B0685107BE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Manifest-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT...Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: CNsMWcvyVJA/R2OJD6jx7A==.SHA1-Digest: CQFIbsAHoE930lqhuKYzr0G75EY=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: cM97qpn/6M3P29jecDGsCQ==.SHA1-Digest: HGRfWAVRf6I1fjqtqjZlUY7bcvs=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: IzUsJtYOU3KF6RykwlY6lA==.SHA1-Digest: XjsqnQzlqCFErToou6kmfniWJFE=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZK/MV+wuXVbLbSGv6ayLog==.SHA1-Digest: 0HFQT6/U9YtyFnqydQ3XPVRX/bM=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: ZX2m/MJXYRHfOXcj/QPKWQ==.SHA1-Digest: 7MjtzoexiMvSnp6aGpMF/6HcHGQ=..Name: chrome/sweetim-toolbar/content/config.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: p
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13655
                                                                                                                                                                                                              Entropy (8bit):5.6040651112820905
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:WkA5g0iCoVcI/jdhBJNmDm+lP/eBSjSesuBVyOK6+ZEb5Mw7T4+sKr8tTciJcoC9:P37LBJNmDfB/eBSjnsLKwzF8J2M1
                                                                                                                                                                                                              MD5:59EC97C3D819001C0A897B38A7624473
                                                                                                                                                                                                              SHA1:D535037A3EC3601C7307EADFCD0AFE52747FB830
                                                                                                                                                                                                              SHA-256:13D9271BA7EBBE28508A4EBFCD6775BC1DD3459C5A9D4D8C1CF7F79E7323DDA8
                                                                                                                                                                                                              SHA-512:21A80FDA8D9F3B8EF957F94B7F4F429CD8D37637490DFB3D1C4E941D3F9DE59835162D7DE7C992C1B57B3AB0064655AA19E44AA93D30C3308413D87BBD03E1BA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Signature-Version: 1.0.Created-By: Signtool (signtool 1.3).Comments: PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT..Digest-Algorithms: MD5 SHA1.MD5-Digest: f2XP9lsoHe04PBOvuFXL5g==.SHA1-Digest: 8RHZ0uUrxScBNJtHgI/t7stA9yA=..Name: chrome/sweetim-toolbar/content/addonlistener.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: w8i3Rt3DxPL6b05cKNpsPw==.SHA1-Digest: 3odNPduNL9VoljP4mprIcpgF4zc=..Name: chrome/sweetim-toolbar/content/addonmanager.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: 2YvLgsIg6k332XHkG6KEFA==.SHA1-Digest: ZvTVKYjibgcpdMsLQbe+A93OY1M=..Name: chrome/sweetim-toolbar/content/bindings.xml.Digest-Algorithms: MD5 SHA1.MD5-Digest: 1pyJGkn2pnE1+gMPhWrmww==.SHA1-Digest: 1uXwwQEdM+fCinL2psHcZId2oMc=..Name: chrome/sweetim-toolbar/content/chevron.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: lOla/YC5L6pzcewNgLywJw==.SHA1-Digest: vPI+B5kuDtUVY4PRGNE0z84Fnl0=..Name: chrome/sweetim-toolbar/content/commands.js.Digest-Algorithms: MD5 SHA1.MD5-Digest: AK1Es9lxyQoNYOJwLNf3SA==.SHA1-Digest: RUAGcms4e0
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                              Entropy (8bit):4.884991274360526
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:4yp61ZTeXK17sZSaK1vZW29F1211e71KwobrZ19M91Z+1WEA61nlHKgs0KIk1kv9:47uXKRVlFYq5c1bQCIaPKgsBI191IIv
                                                                                                                                                                                                              MD5:BE04EC8D2EC3BAE591464CD1B717CA38
                                                                                                                                                                                                              SHA1:91920930B8512885B18B76B94DFE74401B95D299
                                                                                                                                                                                                              SHA-256:011A1E4C9C00DE7D49EF66FFF9A0F28AB3BFEDA738CCCE95A046B6B0B6255FA8
                                                                                                                                                                                                              SHA-512:7B026AE4564DAEFB3AEA64351ADF9AA23FAD571DFA4B08AA1700BBE20DA586D33F170B8CB29609F10D07B3828B47F5F0D443300C2501EBA58E9C2A328976BEA2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:content sweetim-toolbar chrome/sweetim-toolbar/content/..locale sweetim-toolbar de-DE chrome/sweetim-toolbar/locale/de-DE/..locale sweetim-toolbar en-US chrome/sweetim-toolbar/locale/en-US/..locale sweetim-toolbar es-ES chrome/sweetim-toolbar/locale/es-ES/..locale sweetim-toolbar fr-FR chrome/sweetim-toolbar/locale/fr-FR/..locale sweetim-toolbar it-IT chrome/sweetim-toolbar/locale/it-IT/..locale sweetim-toolbar nl-NL chrome/sweetim-toolbar/locale/nl-NL/..overlay chrome://browser/content/browser.xul chrome://sweetim-toolbar/content/sweetim-toolbar.xul..skin sweetim-toolbar classic/1.0 chrome/sweetim-toolbar/skin/....# from gecko 2 (FF 4), we need to explicitly register components..# auto complete component:..component {EEE6C362-6118-11DC-9C72-001320C79847} components/SIMAutoCompleteSearch.js..contract @mozilla.org/autocomplete/search;1?name=sweetim-autocomplete {EEE6C362-6118-11DC-9C72-001320C79847}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4131
                                                                                                                                                                                                              Entropy (8bit):4.625588950617717
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:742dJHodJ1k18XJxrWQMJzfZJTnJs4Gocs/vT8udODZiQrOQJy5JCZnRkg6ARkAp:z8hu8LCC4Gob78BBCg9ChK
                                                                                                                                                                                                              MD5:08DB0C59CBF254903F4763890FA8F1EC
                                                                                                                                                                                                              SHA1:0901486EC007A04F77D25AA1B8A633AF41BBE446
                                                                                                                                                                                                              SHA-256:7A84952782D85681375BF0EEF6E0861B81DAF6AC6230E86082E49BC6FB49B2F8
                                                                                                                                                                                                              SHA-512:D738192F28BE485E860CA632D60BC92D0C07D881AA0AE5F39E986F60D8870B0B6D62612A0A27D464BB1E5A2B3A5930F13EBBEE6B1E37DD71887833F190E975AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// "AddonListener" was introduced in Gecko 2 (FF4)....var g_sim_AddonListener = {.. onEnabling: function (addon, needsRestart) {.. //dump("\n XXX onEnabling \n");.. },.. onEnabled: function (addon) {.. //dump("\n XXX onEnabled \n");.. },.. onDisabling: function (addon, needsRestart) {.. //dump("\n XXX onDisabling \n");.. },.. onDisabled: function (addon) {.. //dump("\n XXX onDisabled \n");.. },.. onInstalling: function (addon, needsRestart) {.. //dump("\n XXX onInstalling \n");.. },.. onInstalled: function (addon) {.. //dump("\n XXX onInstalled \n");.. },.. onUninstalling: function (addon, needsRestart) {.. //dump("\n XXX onUninstalling \n");.. try {.. logEnter();.. if (addon.id == g_SWEETIM_EXTENSION_UUID) {.. sim_g_SIMUninstallData = simOnUninstallConfirmedByUser();.... // since we cant receive "onUninstalled" event, we continue the un-i
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3052
                                                                                                                                                                                                              Entropy (8bit):4.531395341231766
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:VUNczcsspPiyV1Db+mCOZODrZX05IcNY2Wa+l1A:nAB0OgDVAINN11A
                                                                                                                                                                                                              MD5:70CF7BAA99FFE8CDCFDBD8DE7031AC09
                                                                                                                                                                                                              SHA1:1C645F5805517FA2357E3AADAA3665518EDB72FB
                                                                                                                                                                                                              SHA-256:113EEF2B585C045A77C0253B0201FFBC970A4CAF3033D38627D45C90939378CE
                                                                                                                                                                                                              SHA-512:B613B1F8FEFCF0FC8AB6C02D00E0141D988EC5F95B05030CE5FF97E1C6C889AC48090AE3DAE8883551EBCB56110E828549C0B854EF2AAB8D6CFC81A2B546E1C7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// wrapper for addons manager data...// for FF4 and later we use "AddonManager.jsm" (introduced only on Gecko 2, FF4)..// for FF3 and before, we use "extensions/manager;1"......// globals, used for getting version in FF4..var sim_g_addon_version = null;..var sim_g_addon_name = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.... logEnter();.... if (sim_g_event != null) {.. // step 1.. // set global value.. sim_g_addon_version = addon.version;.. sim_g_addon_name = addon.name;.... // step 2.. // set evant.. sim_g_event.value = true;.. } else {.. logSevere("sim_g_event is null, we got here too late or too early");.. }.. } catch (e) {.. logSevere2(e);.. }..}....function SIMAddonDetails() {.. this._version = null;.. this._name = null;..}....// gets the addon details, in a way relevent to FF version,..// and puts result
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1519
                                                                                                                                                                                                              Entropy (8bit):4.410561293172547
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:8TX667LYXcAr/NHxq0+3GAQY7RR1tY2T6RtY86p9WRctqUyn:xJ7r/f5yLT6eCRcJyn
                                                                                                                                                                                                              MD5:23352C26D60E537285E91CA4C2563A94
                                                                                                                                                                                                              SHA1:5E3B2A9D0CE5A82144AD3A28BBA9267E78962451
                                                                                                                                                                                                              SHA-256:6BE86B7E71BEE837C855C48032E525677BA5071961D03FFD6D1676168A642142
                                                                                                                                                                                                              SHA-512:991CE985948A1CAEC21CB616F46138BD3A44D3EF08E02C34CA8EE5146BABDDAB62D37D4B873A8010D0B89599C431AC2810B6D6BA2BFEB7ADC8B443B6694DFC88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0"?>..<bindings id="SweetIMBindings".. xmlns="http://www.mozilla.org/xbl".. xmlns:html="http://www.w3.org/1999/xhtml".. xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul".. xmlns:xbl="http://www.mozilla.org/xbl">.... <binding id="sweetim-autocomplete-result-popup".. extends="chrome://global/content/bindings/autocomplete.xml#autocomplete-result-popup">.. .<implementation implements="nsIAutoCompletePopup">.....<property name="showCommentColumn".. onget="return this.mShowCommentColumn;">.. <setter>.. <![CDATA[.. var treecolValue = document.getElementById("treecolAutoCompleteValue");.. if (!val && this.mShowCommentColumn).. {.. treecolValue.setAttribute("flex", 1);.. this.removeColumn("treecolAutoCompleteComment");.. }.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13924
                                                                                                                                                                                                              Entropy (8bit):4.6059793934114515
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:iVftcobtdfWZDSH555lKQI8xkWaD5+BtidxccSqaF5hxtCGsRlVbF:iV15Jdb6+Bti31SqaF5vtC9lVbF
                                                                                                                                                                                                              MD5:64AFCC57EC2E5D56CB6D21AFE9AC8BA2
                                                                                                                                                                                                              SHA1:D071504FAFD4F58B72167AB2750DD73D5457FDB3
                                                                                                                                                                                                              SHA-256:F878C7FFAC03B2C60BA419E7F8D074AB9693D5C4CE6DC4C5B16B7077194279CA
                                                                                                                                                                                                              SHA-512:6C859A0EC91A688F1E07684F7EB9F20FAB7678B16DF7F2FC281C15BD3D47040C6FC2733F51C383128C8AC9C2C3085D7BC2B7ADDC8156054594FE8E9B386A8394
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simClearChevronMenu()..{.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. while (oMenu.firstChild).. {.. oMenu.removeChild(oMenu.firstChild);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simGetCountChevronMenu()..{.. var result = 0;.. try.. {.. var oMenu = simMyGetElementById('sim_chevron_menu');.. result = oMenu.childNodes.length;.. }.. catch(e).. {.. logSevere2(e);.. }.. return result;..}......// TODO move this functiosn to new "utils.js"..function simGetChildElementById(parent, id)..{.. for (var i=0; i<parent.childNodes.length; i++).. {.. if (parent.childNodes[i].id == id).. {.. return parent.childNodes[i];.. }.. }.. return null;..}......function simGetElemWidthForNotCollapsed(oElem)..{.. var width;.. .. if (oElem.hasAttribute('collapsed') && oElem.getAttribute('collapsed')).. {
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3720
                                                                                                                                                                                                              Entropy (8bit):4.732388643383319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:H8cFlhDSbeaUrYCp/zse1RLDvyjz985VH0UfkliWeVHV9xx2hMVNeVZENVvIsH:ccFlxSKaaDFm/98b6xeVtNbH
                                                                                                                                                                                                              MD5:657DA6FCC2576111DF397723FD03CA59
                                                                                                                                                                                                              SHA1:ECC8EDCE87B188CBD29E9E9A1A9305FFA1DC1C64
                                                                                                                                                                                                              SHA-256:93E512E98EFDE14499E6373115E2565ECAF4E26EF920BD039FEDC73768DEABD7
                                                                                                                                                                                                              SHA-512:BA284D75D27D520894BD8A3FB1728C3F198945738A8B3D759837CF2FEC7FAF24CD95653716DEC3E6FE309AE5040575B31CD97C67881C252D17DB988C475B1648
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// trying to be close to code in IE....function simParseAllVars(url)..{.. try.. {.. if (url.indexOf("%sim_search_combo")>=0).. {.. var searchTermsEncoded;.. searchTermsEncoded = simOnSearch();.. url = url.replace("%sim_search_combo", searchTermsEncoded);.. }.. if (url.indexOf("%domain")>=0).. {.. var domain = simGetSelectedTabHost();.. url = url.replace("%domain", domain);.. }.. if (url.indexOf("%toolbar_id")>=0).. {.. var appid = simGetConfigString("simapp_id");.. url = url.replace("%toolbar_id", appid);.. }.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return url;.. ..}....function simNavigateToURL(url)..{.. try.. {.. logEnter ();.. .. // parse vars.. url = simParseAllVars(url);.. .. // Set the browser window's location to the incoming URL.. window._content.docu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5896
                                                                                                                                                                                                              Entropy (8bit):4.541238924519937
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:XjE3geVhCa6rHUjwYOJY62Nod0qLdYNne4DLM5tYDUkeCalqN85q:zpeVhCa6rHU0YOJYv20jNeycegkZ9Uq
                                                                                                                                                                                                              MD5:A53978F00A102A62E01A3E43CB5EBDBE
                                                                                                                                                                                                              SHA1:E829F60DA3F8105C0D65F7EFE139C629468172C4
                                                                                                                                                                                                              SHA-256:C1B7491D50D19286166CD2511984736368315D4ABAE7C3B8E3836351543749A0
                                                                                                                                                                                                              SHA-512:9083FD8E4C4D8E4E9444EE1DCD99FFEFB9AD6E2DE6D5F68DE008DCEAE3CFFE510866B6E4C76AF17A04C51F8C15827225361C8F7916BECA40C8C5E243D4128268
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// local helper..function simGetPreferences()..{.. if (sim_g_iPreferences != null).. return sim_g_iPreferences;.. try .. {.. sim_g_iPreferences = kCC["@mozilla.org/preferences-service;1"].getService(kCI.nsIPrefService);.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return sim_g_iPreferences; ..}....// debug helper..function logBranch(branch)..{.. try .. {.. var count;.. var array = new Array();.. var obj = new Object();.. .. .. // see http://developer.mozilla.org/en/docs/nsIPrefBranch.. array = branch.getChildList("", obj);.. count = obj.value;.. .. for(var i=0; i<count; i++).. {.. logInfo("[item " +i+ " ]" + array[i]);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simDeleteBranch(name)..{.. var prefs;.. var branch;.. .. try.. {.. prefs = simGetPreferences();.. branch = prefs.getBran
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):16022
                                                                                                                                                                                                              Entropy (8bit):5.164579735638881
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:oJPA3ed6vyJNKMZEYZKK/bTE4tv/j95JM5JV7osxmS7TJLQwlKeMuuC2suizrf7:ePA3edmQNKMZEYZKK/bTE4tv/xMrVRm8
                                                                                                                                                                                                              MD5:2B4FD08FBBE235E21CB29060CE159459
                                                                                                                                                                                                              SHA1:B7FB723D552129FEEAAE7CCA46EDB18A54849C44
                                                                                                                                                                                                              SHA-256:148B0E27BC88BFB16BA9FA0B1963B5F3FB6FA14D4B971EDB3E85268386644B0B
                                                                                                                                                                                                              SHA-512:EC60097A623E9CEAE81AC0D819BABF4B48CFE277B7B6BD2B1625904AB897330DC31D67B850E77C2721159542B4F28EF5EE1DB5BB90144FE6F07D37E64014261E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:/*** Constants ***/..const SIM_BROWSERCOMP_MENU_ID = "id_browser_sim_content_menu";..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";....const BRW_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const BRW_NOTIFY_LOCATION = Components.interfaces.nsIWebProgress.NOTIFY_LOCATION;....const BRW_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const BRW_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;..const BRW_STATE_TRANSFERRING = Components.interfaces.nsIWebProgressListener.STATE_TRANSFERRING;..const BRW_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..../*** End Constants ***/..../*** Members ***/..var sim_mouseOut = true;..var sim_closeBubbleWindow = false;....//Listen to browser navigation, progress, netvork, security events..var sim_bubbleBrowserProgressListener = ..{...QueryInterface: function(aIID) {....var result = null;....if(aIID.equals(Components.interfaces.nsIWeb
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3711
                                                                                                                                                                                                              Entropy (8bit):4.586487379339707
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Vv7HHeL0tgDxRILL1BtH/N0kZp/V6bZ6+oCyhXHbgB1RulleK9s19j/h1OLXy:pIdE1BtZZSloL9sB1o/ZCj/rmXy
                                                                                                                                                                                                              MD5:089FBACD08F66ACB256605630CAEB58C
                                                                                                                                                                                                              SHA1:6A2156806CADD3144F4655F6D688DA27FE89EF73
                                                                                                                                                                                                              SHA-256:29C510DA7814E46549C31EAA84204B88CE3616343E1EC7535ED0EF2DF828A786
                                                                                                                                                                                                              SHA-512:CA32B03181E9D398B025F2E35BBCE0D64C2A086C1606EFAB97B1F6CDA4A4F29AA380403736A56F6F4DDBA778507F186BF579ACE3C148C510B43B40F663E5C34F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_TOOLBAR_BUTTON_ID = "sim_sweetim_btn";..var sim_g_wndContentMenu = null;....function simPreventDefaultProcessing(event)..{...try...{....if (sim_g_wndContentMenu.simTargetWindow)....{.....event.preventDefault();.....event.stopPropagation();.....event.target.parentNode.open = false;....}...}...catch(e)...{....logSevere2(e);...}..}....function SIMPoint()..{.. this._x = 0;.. this._y = 0; ..}....function simComputeContentMenuLocation()..{.. var oPoint = null;.... // step 1.. // get button.. var oButton = simMyGetElementById(SIM_TOOLBAR_BUTTON_ID);.. if (oButton != null).. {.. // step 2.. // check if current tab is opened with addons manager.. var bAddonsManagerTab;.. bAddonsManagerTab = simIsCurrentTabOfAddonManager();.. if (bAddonsManagerTab){.. // !! we get here also for "empty" tab.. // we should hide the menu.. // this is done by caller, when he gets point as null.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8608
                                                                                                                                                                                                              Entropy (8bit):4.625604721501032
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:J8WDV0lxkzQMqZRCdvWyx5c+KQby7DwcsF8cm:T+4dY
                                                                                                                                                                                                              MD5:1F46872FF3A64F893C4E43C081D375C8
                                                                                                                                                                                                              SHA1:DC24DFE5A9FC509A78E57F0CB4516B646D98CD30
                                                                                                                                                                                                              SHA-256:BFF21988F70894E777229045F3B70D50659F084658CCC5424F534D175E2651E4
                                                                                                                                                                                                              SHA-512:79451B08E2695B19A6B09BB45AE291C5F3176FC582969498A946ADF6662D43A2A0380A87B3B3548BFB1E7471631F645C94C53ABBA766048CF74100B63003FB50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_COOKIE_NAME = "SIMAPPID";..const SIM_COOKIE_HOST = ".sweetim.com";......// In 1.9+ and later there is new param "httpOnly"..// to nsICookieManager2:add..function simGetIsGecko19OrLater()..{.. var isGecko19 = false;.. if (kCI.nsIXULAppInfo).. {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, "1.9") >= 0).. {.. isGecko19 = true;.. }.. }.. return isGecko19;..}....var sim_g_CookiesObserver = {....// members.._registered: false,....// method: observe..observe : function(subject, topic, data)..{.. try.. {.. if (topic == "cookie-changed").. {.. // see http://developer.mozilla.org/En/NsICookieService.. if(data == "cleared" || data == "deleted").. {.. var verify =
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                              Entropy (8bit):4.556954689157478
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:5YPwVFM/wVMMQq8EwK04sA1jFBAZFtJ5stxNYUXi5MIm4gz21icL:5YSFMCMMzZF04sSBqFtJ5stxN4Zm4gK/
                                                                                                                                                                                                              MD5:3A394379FE27CCBEE9FCACAD25A89624
                                                                                                                                                                                                              SHA1:9573282380AF9404FBE89F87E4A8AB2C8EA5A785
                                                                                                                                                                                                              SHA-256:8F87D2A1D2B63DCCED8AE3219A905A22129A5C9D05CCFE80123A1DFA8EAA4CC2
                                                                                                                                                                                                              SHA-512:7FD6A89AA8439F686222320E41F443CDD529662CC1B08D991BF41CC092C3971EDA0FA0B98E8AB6605F6F4D554A29694F061C05654435BA9590B5AE6BE6BD7D44
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:function getDomainNameFromURL(sURL) {.. sURL = sURL.replace("http://", "");.. sURL = sURL.replace("https://", "");.. var slash = sURL.indexOf("/");.. if (slash > 0) {.. sURL = sURL.substring(0, slash);.. }.. return sURL;..}....function getSecondLevelDomain(sURL) {.. var sDomain;.. var sSecondDomain = "";.. var arr;.. if (sURL != null) {.. sDomain = getDomainNameFromURL(sURL);.. arr = sDomain.split(".");.. if (arr.length > 2) {.. sSecondDomain = arr[1];.. }.. else {.. sSecondDomain = arr[0];.. }.. }.. return sSecondDomain;..}....function CompareSecondLevelDomains(sURL_1, sURL_2) {.. var result = false;.. try {.. var sSecondDomain1;.. var sSecondDomain2;.. sSecondDomain1 = getSecondLevelDomain(sURL_1);.. sSecondDomain2 = getSecondLevelDomain(sURL_2);.. if (sSecondDomain1 == sSecondDomain2) {.. result = true;.. }.. }..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3140
                                                                                                                                                                                                              Entropy (8bit):4.472854553394219
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:HuKNuu1ywyvw8WU5Nuu1ywGz7vFlNuu1ywy:HuwaQw2wwy
                                                                                                                                                                                                              MD5:01AD57D140DA3C93803DD9D700373C52
                                                                                                                                                                                                              SHA1:3458CD2EDE13733C9B8447251DED6CDB5B6B182D
                                                                                                                                                                                                              SHA-256:A899595EF19B413A9099A9540852BE1013EBFA18379F31E65D9ACEEAEA52A163
                                                                                                                                                                                                              SHA-512:8E74CA4104F02318B659C67A34DD259681D8CC4F0971FA6F5B6165A1FEDEEEC79180A9C1BD33340607881818349697492EDA9B96580132A4A979F54AEF778FBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// small helper..function..simInsertAfter(newChild, refChild)..{ ...var oParent;...oParent = refChild.parentNode;.. oParent.insertBefore(newChild, refChild.nextSibling); ..}....function..simAddSeperator(id, insertAfterId)..{.. try.. {.. var oNewElem;.. var oElemExist;.. .. // create new element.. oNewElem = document.createElement('toolbarseparator');.. oNewElem.setAttribute('id', id);.. .. // add it.. oElemExist = simMyGetElementById(insertAfterId);.. simInsertAfter(oNewElem, oElemExist);.. return oNewElem;.. }.. catch(e).. {.. logSevere2(e);.. return null;.. }..}....function..simAddBanner(id, url, insertAfterId, name, width, height, bAddPadding)..{.. try.. {.. var oNewElem;.. var oElemExist;.. var oParent;.. var style;.. .. // create new element of banner.. oNewElem = document.createElement('iframe');.. oNewElem.setAtt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):7243
                                                                                                                                                                                                              Entropy (8bit):4.667029972880432
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:1Ume45J4xbfd3QMs3LfHSVoLlHVcn1EoV5HAVcj/qr8S8G0oRoccNd+:TeRpfXQLHcoBHK1D5Hac7qwvGLx0d+
                                                                                                                                                                                                              MD5:B0B4F17785E11927B144C61C3148E2AC
                                                                                                                                                                                                              SHA1:260A37C06BC8294D79C72A329C261E187E9555BA
                                                                                                                                                                                                              SHA-256:85E23241F5A8301CCF224AF5C30DD58CD6D9584E731259147E3561813F78AEF5
                                                                                                                                                                                                              SHA-512:D9F29D4AF899D6E2D7AC5F3E6F0D4BDAA09B9ED4E3B546EA257B5D65E3E319153EC67A657756899404C3BFEAEE4129F98E249B546BE4067E80F9B19A42A5FEAD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODO2 - check this: dont put log bcz it recurse..function simGetFileSize(filename)..{.. var result = 0;.. try.. {.. var file;.. .. file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. file.initWithPath(filename);.. .. if (file.exists()).. result = file.fileSize;.. else.. result = -1; .. }.. catch(e).. {.. simAssert(eSeverity.eSEVERE, e);.. }.. return result;..}....function simReadFileToString(filename) {.. .. var result = null;.. .. try {.. var file;.. var cstream;.. var fstream;.. var data = "";.... logEnter();.... file = kCC["@mozilla.org/file/local;1"].createInstance(kCI.nsILocalFile);.. fstream = kCC["@mozilla.org/network/file-input-stream;1"].createInstance(kCI.nsIFileInputStream);.. cstream = kCC["@mozilla.org/intl/converter-input-stream;1"].createInstance(kCI.nsIConverterInputSt
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3434
                                                                                                                                                                                                              Entropy (8bit):4.555949304243929
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:1foLrnEe2o1349x0nrnE9zMZJH7Cb+KQGj8HmGF/hfqj:16oeBMuo9zMLHU+KQG4HzYj
                                                                                                                                                                                                              MD5:613B6833DCC4E6ABD2412016F8533729
                                                                                                                                                                                                              SHA1:2A8DD9827A4EF50AEF9BAD4A08697B2E953CF785
                                                                                                                                                                                                              SHA-256:D31BE0E9CDB8B1460D6E4F621EDE0C81E657B95D41D59B45BEA6127E43F61E4A
                                                                                                                                                                                                              SHA-512:A2FBE1B2E9A3D97F5FBD71FBC931D9672A8703B939BE0EFD7F70F895CDD77EBB32C0963BAAFD7635A9CD88DE420A57AC408EE7072C773A819D80D9E61B768E39
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simRemoveFindWordButtons() {.. try {.. logEnter();.... var oFindWordButton;.. var oFindWordItem;.... oFindWordItem = simMyGetElementById('sim_find_words_item');.. while (oFindWordItem.firstChild) {.. oFindWordItem.removeChild(oFindWordItem.firstChild);.. }.. }.. catch (e) {.. logSevere2(e);.. }..}....function simAddOneFindWordButton(oFindWordItem, label) {.. var oNewButton;.. var tooltipText;.. oNewButton = document.createElement('toolbarbutton');.. oNewButton.setAttribute('label', label);.. oNewButton.setAttribute('id', 'sim_id_for_find_word_' + label);.. //newButton.setAttribute('crop', 'end');.. oNewButton.setAttribute('class', 'sim_find_word'); // alse sets max width.. oNewButton.setAttribute('oncommand', 'simFindNextWord(event);');.. tooltipText = simGetFormattedStringFromBundle('sweetim.property.button.findword.tooltip', [label]);.. oNewButton.setAttribute('tooltiptext
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1430
                                                                                                                                                                                                              Entropy (8bit):4.474103530814768
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:KX0t8sqp5raTuJ/fwo84vnUO0qRy67wf7o84vnM0qBQltydbjee5DRB6ykibjLeM:KE3U5J/fwopvnUO0Eyiwf7opvnM0SQPs
                                                                                                                                                                                                              MD5:EE7A229CBDB7F4F3023ACCC1A12CC8BB
                                                                                                                                                                                                              SHA1:AF5F336C583C51CD6FDB8D2FC960B525EEAA5B80
                                                                                                                                                                                                              SHA-256:8C4EA863D577011A2AACB884A18BE53C9599B3CA9B212AC893CA987DA5E2EC11
                                                                                                                                                                                                              SHA-512:C974CC5D0E5079BA1928CED96A64F3F1791079545FA983D4FA66918F5A5DFBF7D9B473AD45CD29AC3FAA9D9A86DC0F93CAD12AA42EED2ABFD5C206F759A1BDF2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_GeneralObserver = {.... // members.. _registered: false,.... // method: observe.. observe: function (subject, topic, data) {.. try {.. if (topic == "quit-application-requested") {.. simOnQuitApplicationRequested();.. }.. }.. catch (e) {.. logSevere2(e);.. }.. },.... // method: register.. register: function () {.. if (!this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.addObserver(this, "quit-application-requested", false);.... this._registered = true;.. }.. },.... // method: unregister.. unregister: function () {.. if (this._registered) {.. var observerService = kCC["@mozilla.org/observer-service;1"].getService(kCI.nsIObserverService);.. observerService.removeObserver(this, "quit-application-requested");..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):814
                                                                                                                                                                                                              Entropy (8bit):4.8948254611600035
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:EfYCIaDJIDD7FsoKI78kLLrpbhoc5tA1iVCYKOHsgp7cbUNnIHYK30JWM/qGwY8s:ErIa/o18kzpb81zLa1nMEJWMiGWs
                                                                                                                                                                                                              MD5:F94995DEAE7ABCDFCE3A3C9BB5F5EC01
                                                                                                                                                                                                              SHA1:4D3C7CB0EA579AD062EDADD18D52EDBD54A331DD
                                                                                                                                                                                                              SHA-256:E3A1E261E542BB984064D9F1B02A72720A4F238BFB3EC8D76BD5407D5FEDB6D2
                                                                                                                                                                                                              SHA-512:B903EB8183214EE0F8F152478AB99B002746A29575AA3B2214153E2C050295C2D37CC28406432452D33F2D12751A5079DEE927CD49CF1EE0686145E434B7359A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// loaded in "global namespace", bcz function already "SIMTB_Navigate" in use by ppcbully banner,..// without use of namespace....// called from ppcbully banner, in order to open ad in _current_ or _new_ tab, instead of in new window..// (cannot be done directly using JS, without helper function)..function ..SIMTB_Navigate(url) {.. try {.. NAMESPACE_SIM_TB.logEnter();.... var target = NAMESPACE_SIM_TB.simGetConfigString("ppcbully.target");.. if (target != null && target == "new-tab") {.. NAMESPACE_SIM_TB.simNaviagteToUrlInNewTab(url, false).. }.. else { // no value, or "current-tab", as default -> open in current tab.. NAMESPACE_SIM_TB.simNavigateToURL(url);.. }.. }.. catch (e) {.. NAMESPACE_SIM_TB.logSevere2(e);.. }..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3538), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5929
                                                                                                                                                                                                              Entropy (8bit):5.118606362873504
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// urls..const SIM_URL_SEARCH = "http://search.sweetim.com/search.asp"..const SIM_URL_WWW = "http://www.sweetim.com";..const SIM_URL_HOME = "http://home.sweetim.com";..const SIM_URL_FORUM = "http://www.sweetim.com/forum/";..const SIM_URL_HELP_FF = "http://www.sweetim.com/help_simff.asp";..const SIM_URL_HELP_ABOUT = "http://www.sweetim.com/about_overview.asp";..const SIM_URL_HELP_UNINSTALL_FF = "http://www.sweetim.com/uninstallhelpff.asp";..const SIM_URL_FEEDBACK = "http://www.sweetim.com/help_contact.asp";..const SIM_URL_PRIVACY = "http://www.sweetim.com/eula.html#privacy";..const SIM_URL_AFTER_INSTALL = "http://www.sweetim.com/installbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UNINSTALL = "http://www.sweetim.com/uninstallbar.asp?barid=%toolbar_id";..const SIM_URL_AFTER_UPDATE = "http://www.sweetim.com/updatebar.asp";..const SIM_URL_SEARCH_FOR_DS = "http://search.sweetim.com/?src
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):994
                                                                                                                                                                                                              Entropy (8bit):5.055837583663413
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyGetElementByIdImpl(oParent, id){.....var oElem = null;...if (oParent != null && oParent.hasChildNodes()) {....var children = oParent.childNodes;....for (var i = 0; i < children.length; i++) {.....var oChild = children[i];.....if (oChild.id == id) {......oElem = oChild;......break;.....}.....else {......// try to recurse......oElem = simMyGetElementByIdImpl(oChild, id);......if (oElem !== null)......{.......break;......}.....}....}...}...else{....//alert("children.length = 0");...}...return oElem;..}....function simMyGetElementById(id){...if (false) { // orig, but in correct when we also have TB running along side FB,....// bcz they use same ids....var obj;....obj = document.getElementById(id);....//alert("obj = " + obj);....return obj;...}......var oParent;...var oElem = null;...oParent = document.getElementById(SIM_TOOLBAR_ID);...oElem = simMyGetElementByIdImpl(oParent, id);...if (oElem == null) {....// alert("oElem null for id = " + id);...}...return oElem;..}..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11741
                                                                                                                                                                                                              Entropy (8bit):4.718561487895601
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrColors = null;....// private..function simGetHighlightButton()..{ .. var oButtonHighlight;.. oButtonHighlight = simMyGetElementById('sim_highlight_btn_id');.. return oButtonHighlight;..}....// private..function simGetHighlightButtonChecked()..{ .. var oButtonHighlight;.. var bChecked;.. .. oButtonHighlight = simGetHighlightButton();.. if (oButtonHighlight.hasAttribute('checked')).. {.. bChecked = oButtonHighlight.getAttribute('checked') == 'true';.. }.. else.. {.. bChecked = false;.. } .. return bChecked;..}....// private..function simSetHighlightButtonDisabled(bDisabled)..{.. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.disabled = bDisabled;..}....// private..function simSetHighlightButtonChecked(bChecked)..{ .. var oButtonHighlight;.. .. oButtonHighlight = simGetHighlightButton();.. oButtonHighlight.setAttribute('checked', bChecked);..}.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2980
                                                                                                                                                                                                              Entropy (8bit):4.13201368175262
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchHistory()..{.. var result = null;.. try.. {.. var arrEncoded;.. var sHistoryItems = "";.. if (simGetIsConfigExists("search.history")).. sHistoryItems = simGetConfigString("search.history");.. if (sHistoryItems && sHistoryItems.length > 0).. {.. result = new Array();.. arrEncoded = sHistoryItems.split(",");.. for(var key in arrEncoded).. {.. var encoded;.. var decoded;.. .. encoded = arrEncoded[key];.. decoded = decodeURIComponent(encoded);.. logDebug("key="+key+",encoded="+encoded+",decoded="+decoded);.. result.push(decoded);.. }.. }.. }.. catch(e).. {.. dump("simGetSearchHistory= "+e);.. //logSevere2(e);.. }.. return result; // array of decoded..}....// param text shouldNT be encoded..function simAddToSearchHistory(
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6637
                                                                                                                                                                                                              Entropy (8bit):4.38577654837664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// TODOZ: future use..function SIMScriptInfo() {.. this._sRegexp = "";.. this._sURL = "";..}....var g_sim_strScriptURL = "http://sc.sweetim.com/apps/in/fb/infb.js";....function simAddScriptToDocument(oDocument) {.... try {.. var SCRIPT_ELM_ID = "id_script_sim_fb";.... var objScript = oDocument.getElementById(SCRIPT_ELM_ID);.. if (!objScript) {.. var head = oDocument.getElementsByTagName('head')[0] || document.documentElement;.. var scriptElement = oDocument.createElement('script');.. var url = simGetConfigString("urls.ScriptUrlFB"); // same name as used in IE.. if (url == null || url == undefined || url == "") {.. url = g_sim_strScriptURL;.. }.. scriptElement.src = url;.. scriptElement.type = "text/javascript";.. scriptElement.language = "JavaScript";.. scriptElement.id = SCRIPT_ELM_ID;.. head.insertBefore(scriptEl
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22273
                                                                                                                                                                                                              Entropy (8bit):4.567586678614434
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simOnInstall()..{.. try.. {.. logEnter();.. simAddDefaultConfig();.. simUpdateVersionFromRDFInPrefs();.. }.. catch(e).. {.. logSevere2(e); .. }..}....function simGetPrefsArray()..{.. var arrPrefs = new Array();.. .. // keyword url.. arrPrefs.push( {prefName:"keyword.URL", prefSweetIMValue:"http://search.sweetim.com"} );.. .. // default search.. arrPrefs.push( {prefName:"browser.search.defaultenginename", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. arrPrefs.push( {prefName:"browser.search.selectedEngine", prefSweetIMValue:SIM_SEARCH_ENGINE_NAME} );.. .. // homepage.. // get the value which was added by setup, as homepage.. // was stored also here for comparsion. see c++: SetFFDefaultHomePageUsingPrefsFile.. var sSweetIMHomePage = simGetConfigString("urls.homepage");.. arrPrefs.push( {prefName:"browser.startup.homepage", prefSweetIMValue:sSweetIMHomePage} );.... return ar
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10479
                                                                                                                                                                                                              Entropy (8bit):4.595467703826516
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// for eSeverity original definition, see Level.h..var.eSeverity =..{.. eALL:0,.. eDEBUG:1,.. eCONFIG:2,.. eINFO:3,.. eWARNING:4,.. eSEVERE:5,.. eCRITICAL:6,.. eOFF:7..};....var g_loggerInit = false;....var g_FileHandler_FileName = null;..var g_FileHandler_MinReportLevel = null;..var g_FileHandler_MaxFileSize = null;..var g_ConsoleHandler_MinReportLevel = null;....var sim_g_loggerDisabled = false;.. ..function initializeLogger()..{.. // TODO - the strings of prefs names, appear also in config.js => put them in one place only.. .. if (simHasConfigPrefs()).. { .. g_FileHandler_FileName = simGetConfigString("logger.FileHandler.FileName");.. g_FileHandler_MinReportLevel = simGetConfigString("logger.FileHandler.MinReportLevel");.. g_FileHandler_MaxFileSize = simGetConfigString("logger.FileHandler.MaxFileSize");.. g_ConsoleHandler_MinReportLevel = simGetConfigString("logger.ConsoleHandler.MinReportLevel"
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2761
                                                                                                                                                                                                              Entropy (8bit):4.585147185811158
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var NAMESPACE_SIM_TB = {};....NAMESPACE_SIM_TB.loadScripts = function () {.. // load external JS files, into gloabl object "NAMESPACE_SIM_TB", which is used as namespace.. try {.. var path = "chrome://sweetim-toolbar/content/";.. var loader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"].........getService(Components.interfaces.mozIJSSubScriptLoader);.. var files = new Array(.. "sweetim-toolbar.js",.. "registry.js",.. "config.js",.. "search.js",.. "searchguard.js",.. "searchservice.js",.. "logger.js",.. "commands.js",.. "highlight.js",.. "tabinfo.js",.. "tabinfo-array.js",.. "webprogresslistener.js",.. "contentmenu.js",.. "splitter.js",.. "chevron.js",.. "uninstallobserver.js",.. "version.js",.. "install.js",.. "globals.js",.. "history.js",.. "file.js",.. "stringbundles.js",.. "tooltip
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):790
                                                                                                                                                                                                              Entropy (8bit):4.552759257474942
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMessageBox_OkCancel(sCaption, sText) {.... var result = null;.. try {.. // show message, ask user if to keep settings.. var promptService = kCC["@mozilla.org/embedcomp/prompt-service;1"].getService(kCI.nsIPromptService);.. var flags = promptService.STD_OK_CANCEL_BUTTONS;.. var check = { value: false };.. var button = promptService.confirmEx(window, sCaption, sText, flags, null, null, null, null, check);.... // set the value that user selected in result.. if (button == 1) // user selected "pos_1" button => no.. {.. result = false;.. }.. else {.. result = true;.. }.. }.. catch (e) {.. logSevere2(e);.. return null;.. }.... return result;..}
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                              Entropy (8bit):3.7605520099280896
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// notifies ppcbully banner on every document complete...// called from rc.html..function..simNotifyPPCBullyBannerOfDocumentComplete(bannerId, url)..{.. try {.... logDebug("params: bannerId = " + bannerId + ", url = " + url);.. .. var oToolbar;.. var oBanner;.. oToolbar = document.getElementById(SIM_TOOLBAR_ID);.. if (oToolbar.collapsed == false) // check if toolbar is hidden.. {.. oBanner = simMyGetElementById(bannerId);.. if (oBanner).. {.. if (oBanner.contentWindow != null && oBanner.contentWindow).. {.. if (oBanner.contentWindow.pbNavigateComplete != undefined) {.. try {.. oBanner.contentWindow.pbNavigateComplete(url);.. }.. catch (e2) {.. logSevere2(e2);.. }.. }.. el
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):5801
                                                                                                                                                                                                              Entropy (8bit):4.664439405681212
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// rootKey > HKCU, HKCR or HKLM..// subKey - string..// sAccess > "ACCESS_READ", "ACCESS_WRITE" or "ACCESS_ALL"..function simOpenRegsitryKey(rootKey, subKey, sAccess)..{.. var result = null;.. var rootKey2 = null;.. var access;.. .. try.. {.. result = kCC["@mozilla.org/windows-registry-key;1"].createInstance(kCI.nsIWindowsRegKey);.. .. switch (rootKey).. {.. case "HKCU":.. rootKey2 = result.ROOT_KEY_CURRENT_USER;.. break;.. case "HKCR":.. rootKey2 = result.ROOT_KEY_CLASSES_ROOT;.. break;.. case "HKLM":.. rootKey2 = result.ROOT_KEY_LOCAL_MACHINE;.. break;.. } .. switch (sAccess).. {.. case "ACCESS_READ":.. access = result.ACCESS_READ;.. break;.. case "ACCESS_WRITE":.. access = result.ACCESS_WRITE;.
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):146
                                                                                                                                                                                                              Entropy (8bit):4.767727345085542
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// see relavent .h file..// "__ENABLE_LOGGING__" is not used anymore, to simplify and make only one build..// const __ENABLE_LOGGING__ = false;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2866
                                                                                                                                                                                                              Entropy (8bit):3.9577654921496856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_scriptOnDocumemntComplete = null;....function simInitializeRemoteControl()..{ .. try.. { .. // MOVE to download complte of "control banner" ???/.. // step 1.. // get object of remote control web page.. var oElem = document.getElementById(SIM_REMOTE_CONTROL_ID);.. if (oElem) {.... if (oElem.contentWindow && oElem.contentWindow.SIMRC_getCodeForOnLoad) {.. // step 2.. // get script from remote control web page .. var script;.. script = oElem.contentWindow.SIMRC_getCodeForOnLoad();.. //alert("script = " + script);.... try {.. // step 3.. // execute script.. eval(script);.. }.. catch (e) {.. //alert("e = " + e.message);.. logSevere2(e);.. }.. }.. else {.. log
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13939
                                                                                                                                                                                                              Entropy (8bit):4.490104471837317
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....var sim_g_historyCapacity = null;..var sim_g_arrExteranlSearch = null;....// trims start and end..function simTrimString(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return "";.... string = string.replace(/^\s+/, ''); // Remove leading whitespace.. string = string.replace(/\s+$/, ''); // Remove trailing whitespace.... return string; // Return the altered value..}....////////////////////////////////////////////////////////////////////////////////..// 1) Calls "simTrimString" to trim start and end..// 2) Removd "runs" - and convert all runs of more than one whitespace..// character into a single space. ..// The altered string gets returned...////////////////////////////////////////////////////////////////////////////////..function simTrimStringAndRemoveRuns(string)..{.. // If the incoming string is invalid, or nothing was passed in, return empty.. if (!string).. return
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15169
                                                                                                                                                                                                              Entropy (8bit):4.471034320295774
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const SIM_SEARCH_GUARD_PARAM = "st";....function simUnhideSearchEngine() {.. logEnter();.... try{.. var engine = simGetSearchEngine();.. if (engine!= null && engine.hidden == true) {.. engine.hidden = false;.. }.. }catch(e) {.. logSevere2(e);.. }..}....// checks if param exists in url of search provider (plugin)..// it is found under os:Param tag, in XML of search plugin...// didn't fidn a way to check this using API/XPCOM etc...function simCheckIfParamExistsInSearchProviderURL(paramName) {.. logEnter();.. .. var exists = false;.. try {.. var engine;.. var SP;.. var xml;.. .. engine = simGetSearchEngine();.. if (engine != null) {.. SP = simGetSearchPluginFile();.. if (SP.exists()) {.. xml = simReadFileToString(SP.path);.. if (xml != null && xml != "") {.. // we also check for prefix of &, bcz this is how we ad
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1970
                                                                                                                                                                                                              Entropy (8bit):4.240138604578698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simGetSearchEngine() {.. var searchService = null;.. var engine = null;.... logEnter();.... try {.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != null) {.. engine = searchService.getEngineByName(SIM_SEARCH_ENGINE_NAME);.. }.. } catch (e) {.. logSevere2(e);.. }.. .. return engine;..}....function simAddSearchEngine() {.. .. var searchService = null;.. var engine = null;.. var bResult = false;.... logEnter();.... try {.. // step 1.. // check if engine already exists.. engine = simGetSearchEngine();.. if (engine != null) {.. logInfo("engine already exists");.. engine = null;.. }.. else {.. // step 2.. searchService = kCC["@mozilla.org/browser/search-service;1"].getService(kCI.nsIBrowserSearchService);.. if (searchService != nu
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3044
                                                                                                                                                                                                              Entropy (8bit):4.67890442222015
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:QTHlWfqcTUJrzQ2fgFDQtgM8irSjXgmcCHwZoOkKT0wTx:ucSdhzD0oYgmEX/x
                                                                                                                                                                                                              MD5:6AFA89C5ED43D559D7503C6C1C826FBC
                                                                                                                                                                                                              SHA1:83BBA8FDD394CFC46ABD3E093F177DFDD85FBBA5
                                                                                                                                                                                                              SHA-256:F0DA29B0A1584D22E79D24E278C1DF28BDADE53867D769AD0A7E27188EDAD3BA
                                                                                                                                                                                                              SHA-512:3E2806E1E9C11DEDD6F745C89F7A2F8058D09F3ED44DD638C9417F45C4DB4B7D89FD604BCA40E4D2D80D2A9279B13FCD70CB0EE659A313DA3F825435C7441AFA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:// From: http://developer.mozilla.org/en/docs/XUL_Tutorial:More_Event_Handlers..// "The button and detail properties only apply to the mouse button related events,..// not mouse movement events...// For the mousemove event, for example, both properties will be set to 0."....var sim_g_dragging = false;..var sim_g_lastX = 0;..var sim_g_splitter_at_max = false;....function simInitializeSplitter()..{.. try.. {.. var oSplitter = simMyGetElementById("sim_toolbar_splitter");.. oSplitter.addEventListener('mousedown', simOnSplitterMouseDown, false);.. window.addEventListener('mousemove', simOnGlobalMouseMove, false);.. window.addEventListener('mouseup', simOnGlobalMouseUp, false);.. }.. catch(e).. {.. logSevere2(e);.. }..}....function simOnGlobalMouseMove(event)..{.. if (sim_g_dragging).. {.. simUpdateSplitter(event);.. sim_g_lastX = event.screenX;.. }..}....function simOnSplitterMouseDown(event)..{.. //logEnter();..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1969
                                                                                                                                                                                                              Entropy (8bit):4.738627059733319
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:8G7y6KggRBGVcIgy6wLvOjR7oaupozmc4soM4zfEce:dG6KRqVT6wzwtmkj/
                                                                                                                                                                                                              MD5:E030A1FFDA7407FB1C06FDB448BD7571
                                                                                                                                                                                                              SHA1:2DF2D30A384A1C19C56391C8C16A31828621B5EC
                                                                                                                                                                                                              SHA-256:AE8F9E51B3FF22C151D3E6FCE7B5DC603D29716D773AEFFF8B20FC75C7E3EA76
                                                                                                                                                                                                              SHA-512:F0F02A7492C4D23E9C7B5BC2A69BFC757A4D3C7F051C0774F15431895C4D892017D4AE882D7FBA301240723723058C37B8149A74C650CAA769F6614D658E2810
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_StringBundle = null;..var sim_g_nsIStringBundle = null;....// should be called from XUL, or JS, where "document" object is defined..function simGetStringFromBundle(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_StringBundle).. {.. sim_g_StringBundle = document.getElementById('sim_stringbundle');.. }.. result = sim_g_StringBundle.getString(name);.. }.. catch(e) {.. logWarning("exception for name: " + name);.. logSevere2(e);.. }.. return result;..}....// should be called from components, such as SIMAutoCompleteSearch.js,..// where "document" object is NOT defined..function simGetStringFromBundle2(name)..{.. var result = "";.. .. try.. {.. if (!sim_g_nsIStringBundle).. {.. // load bundle directly.. // see "Creating the bundle via XPConnect".. // (http://books.mozdev.org/html/mozilla-chp-11-sect-3.html).. var src = 'chrome://s
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):653
                                                                                                                                                                                                              Entropy (8bit):5.057236170457901
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:TMG8NWF77hHEdBMBMh5I9XoCtLDAHjxAHXq6tW0N1ZHXO+gcWqSVJIsXGvc8:38kX9E6BWI9X7LqINrOaW7gsc
                                                                                                                                                                                                              MD5:BB5DF7BCC2B69614EAA5111958390C72
                                                                                                                                                                                                              SHA1:14D1A1BF2E69F338B09382EB2E1B564D0CADC02B
                                                                                                                                                                                                              SHA-256:83492D77CA972E1D2D07A7842C836A78F64F49A753E8344354F16C61AAACF820
                                                                                                                                                                                                              SHA-512:711CADB3715B729E6A91560A098504D71CF64A19528173DF0017CA839738B4F654FFF97EDAC0534E3FF68E0BC2E2201DF4806AAF96DEBB698645D16268E5868A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>..<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>......<window id="id_window_sim_content_menu"... title=""... orient="horizontal"... hidechrome="true"... xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"... onload="simContentMenuWindowOnLoad(event);"... onunload="simContentMenuWindowOnUnload(event);">.... <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/contentmenu-handler.js" />......<browser id="id_browser_sim_content_menu".. ..src="http://content.sweetim.com/sim/mfftb20.html".. ..width="420px".. ..height="440px">...</browser>..</window>
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12636
                                                                                                                                                                                                              Entropy (8bit):4.680240080485856
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:XVCcV9nwupCxD5AcVl1MMoRgYjVY3kPZR8qsXdW4B8aHdivE/FF:kM9w/l57KR6atSLlFF
                                                                                                                                                                                                              MD5:63448F76A72B0C3858601365E5083946
                                                                                                                                                                                                              SHA1:EFDD6D0BAF4F2E1ACE8D1E7AD5918BCD9AF4D998
                                                                                                                                                                                                              SHA-256:088BB06B17A050D1CA7D6EF082130E4B1752CB36D49E2184F4B207CA43813B02
                                                                                                                                                                                                              SHA-512:65C10E8507688ABBCF27403ED338D488314961DCEC5E145E96FD4B1E5392D6D748404353810BA6E58F5AC34FAE3C3AC86B8490BC8418A5B8FBAC0D1578D04590
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var g_sim_onload_completed = false;....function simOnFirstRun()..{.. try.. {.. logEnter();.. .. simOnInstall();.. }.. catch(e).. {.. logSevere("catch: " + e.message);.. }..}....function simIsFirstRun()..{.. var result = true;.. var has;.. .. try.. {.. logEnter();.. .. has = simHasConfigPrefs();.. result = !has;.. }.. catch(e).. {.. logSevere2(e);.. }.. .. return result;..}....function simOnToolbarDOMAttrModified(event)..{.. try.. { .. //logEnter();.. .. if (event.attrName == 'collapsed').. {.. var bCollapsed = event.newValue == 'true';.. simOnToolbarCollapsed(bCollapsed);.. }.. }.. catch(e).. {.. logSevere2(e);.. }..}......// we get here, when user has hidden the toobar using..// "View"/"Toolbars" and the uncheck out toolbar..function simOnToolbarCollapsed(bCollapsed)..{.. try.. { .
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17033
                                                                                                                                                                                                              Entropy (8bit):4.649335724543702
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:NYebeeVIOFtAkvocIhzBeLdGrRY6hl6gfHZbOB71oOGJ:NYYSi4lZ+717GJ
                                                                                                                                                                                                              MD5:C5E042E981DB5DC014E02AAD88A1DE44
                                                                                                                                                                                                              SHA1:2DC36BD5A53B298A5C18672F1EECC9EB72DCCC69
                                                                                                                                                                                                              SHA-256:DBAB041CFA5D8696FC6830F7814848DABE75AC2BEE7F537A54F75D16CFB28A1E
                                                                                                                                                                                                              SHA-512:C87C57DC1E2A58EC2A0121F6DFE647C1B0734BAD53DDD08BDD2483E50888DDE5DE17A8518EB11C16E4A186A83099EA12478319502CBACD4754B5CAA85807C748
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>..<?xml-stylesheet href="chrome://sweetim-toolbar/skin/sweetim-toolbar.css" type="text/css"?>....<!DOCTYPE overlay SYSTEM "chrome://sweetim-toolbar/locale/sweetim-toolbar.dtd">....<overlay id="sweetim_overlay".. xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">.. .. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/main.js" />.. <script type="application/x-javascript" src="chrome://sweetim-toolbar/content/global-namespace.js" />.... <stringbundleset id="stringbundleset">.. <stringbundle.id="sim_stringbundle" .. src="chrome://sweetim-toolbar/locale/sweetim-toolbar.properties"/>.. </stringbundleset>.. .. not used since fix of RNDTBFF-56.. <popupset id="mainPopupSet">.. <popup.id="sweetim_popup_history".. type="autocomplete"/>.. </popupset>.. --> ....
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2353
                                                                                                                                                                                                              Entropy (8bit):4.4133762029710155
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:/lQx+UoGfwVGhCyVj8Y1PXDKQDu1BjCxCto6qPlRPd9tfDQnZic4EwKCu9w+zauA:/UBoGfwoht8YF21IfLFDQ4c4kSJzQQ
                                                                                                                                                                                                              MD5:EDE3C37AA333FA205B96194440176B3A
                                                                                                                                                                                                              SHA1:550F751348470DCB586DA42834C26457A4B711B1
                                                                                                                                                                                                              SHA-256:8C2D75157683F82FD0F36058F73B68F924CA0BCA79F5F04D6EE51D31D020970F
                                                                                                                                                                                                              SHA-512:C8FF1992EE4C6C4C10422E67BE140BF7129D9D15F1E250689AEC8742E32BB65821B4BB6CEDC1BDB5447E2B2EB0D3D201546F73CE3FE7C0051D63CE22EC2667D4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..var sim_g_arrTabInfo = null;....function simGetTabInfo(tabId) {.. var oTabInfo = null;.... if (tabId != undefined && tabId != null && tabId != "") {.. oTabInfo = sim_g_arrTabInfo[tabId];.. if (oTabInfo == undefined) {.. logWarning("oTabInfo is undefined");.. }.. }.. else {.. logWarning("tabId not valid");.. }.. return oTabInfo;..}....// adds SIMTabInfo to array, for relevant tabId;..// returns the web progress listener object, which is associated with this tab..function simAddTabInfoToArray(tabId) {.. var result = null;.. try {.. if (tabId != null && tabId != "") {.. // step 1.. // create array, if not created already.. if (sim_g_arrTabInfo == null) {.. sim_g_arrTabInfo = new Array;.. }.... // step 2.. // create progress listener.. var oWPListener = new SIMWebProgressListener(tabId);.... // step 3.. //
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11111
                                                                                                                                                                                                              Entropy (8bit):4.412389992855388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:O0+++rWl/S5vHvXm0kqs1zeGY097hKBIBfI/RvWvXHcnmsccCiivJftPk9XCxjM:Ov++O/S5fv1zezi0pMOfn4iBkN
                                                                                                                                                                                                              MD5:603652891F4165AD4CE73E9B4AE82901
                                                                                                                                                                                                              SHA1:AB08428843B571051EB4F15EE2AD03408A04FAE9
                                                                                                                                                                                                              SHA-256:8D5BC4EC85859DD72D92552E8B5EEC890D41DDEB6F42DE4289564F6CB6E0C7FA
                                                                                                                                                                                                              SHA-512:6CA0C10601E1F83392CFEAF84E5BC3BDE60B9BD1B6D247C207CCEC6CF3E9215EE996C2C953A13B2C1ECE95781909B3D2A433CEED6EA6960022E89C765A2D8E75
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function SIMTabInfo()..{.. this._webProgressListener = null;.. this._sSearchString = ""; .. this._bHighlight = false;..}....function simGetSelectedTabBrowser() {.... var index = null;.. var oBrowser = null;.... index = gBrowser.mTabContainer.selectedIndex;.. if (index != null) {.. oBrowser = gBrowser.getBrowserAtIndex(index);.. if (oBrowser == null) {.. logWarning("oBrowser == null");.. }.. }.. .. return oBrowser;..}....function simGetSelectedTabURI()..{.. var oBrowser;.. var oUri;.. .. oBrowser = simGetSelectedTabBrowser();.. oUri = oBrowser.currentURI;.. .. return oUri;..}....function simGetSelectedTabHost()..{.. var oUri = null;.. var oResult = null;.... oUri = simGetSelectedTabURI();.. if (oUri != null) {.. try {.. oResult = oUri.host;.. } catch (e) {.. // we get here when tab is opened with "Addons Manager", in FF4.. // or when tab is e
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3243
                                                                                                                                                                                                              Entropy (8bit):4.391385132766343
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:ijC31Dmdj5UY2c6Q6gm6aL6eN76bL6z/S:ijQ1Dmdj5J2PzgFa+eNub+z/S
                                                                                                                                                                                                              MD5:3CB6E2DE74E1DBA38BF405DD21786908
                                                                                                                                                                                                              SHA1:0E0B2EA4AF92DFF76FCBBA0F83D1659C6BB6A229
                                                                                                                                                                                                              SHA-256:155DF0BA4DFB6E9792D291B1C58B738EC0F908665E594205BA1445CC6EAF55B8
                                                                                                                                                                                                              SHA-512:E7A84B89EA6B18DE5298FE5632C71601423D989D17009D6D85E4B550848541838C9F2F8027938E379644E5D72802880B8576CF10B76338DC62B7AE413F70ADA5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// Explenation: why we use "simOnTooltipNeedText" for dropmarkers:..// This method is used to set a tooltip to a dropmarker,..// Since setting "tooltiptext" doesn't work...// This code was used (and didn't work):..// oDropmarker = document.getAnonymousElementByAttribute(oButton, 'class', 'toolbarbutton-menubutton-dropmarker');..// oDropmarker.setAttribute('tooltiptext', strTooltip);..// As said, it doesnt't work (apparently requires adding xbl binding), so the trick with..// "simOnTooltipNeedText" is used instead....function simIsFromDropmarker(node)..{.. var result = false;.. try.. {.. // this "trick" is not documented... // it is by trial-and-error, and comparing all.. // atrributes of the button, when the mouse is over.. // the button itself VS mouse is over the dropmarker.. if (node.hasAttribute("buttonover")).. result = false;.. else.. result = true; .. }.. catch(e).. {.. logS
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6308
                                                                                                                                                                                                              Entropy (8bit):4.322938270187311
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:FizaB32QhH8Ocuzwa5o4KQqkhJzyjz35UAlxlONyOopRQMVD:xNlWVv5zkCZjlxAqzQMVD
                                                                                                                                                                                                              MD5:D6F084EB3DB05BC7DE868C5A43266E22
                                                                                                                                                                                                              SHA1:31EDAEE1B293F2304AFEAA1F8DC655FAE8D97947
                                                                                                                                                                                                              SHA-256:D3144F66CA27D00ADD929B16A377EB4197BE80403F104FB577E48EE7CBB02A1A
                                                                                                                                                                                                              SHA-512:B4F2382A0473755FB495ECD00EBF3C4FAB00163BC07F2DDEC737E3358EE7F922399834416DE1C6A5AFAD47D68D1F3F10319F4DACA02D33BB232B99121F37C933
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// based on:..// Creating an uninstall script for an extension..// http://xulsolutions.blogspot.com/2006/07/creating-uninstall-script-for.html....const g_SWEETIM_EXTENSION_UUID = "{EEE6C361-6118-11DC-9C72-001320C79847}";....function simInitializeUninstallObserver(){.. .. logEnter();.. .. try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simAddAddonListener();.. }.. else{.. sim_g_UninstallObserver.register();.. }.. }catch(e){.. logSevere2(e);.. }..}....function simUninitializeUninstallObserver(){.. .. logEnter();.... try{.. var bFF4 = simIsFirefox4BetaOrLater();.. if (bFF4){.. simRemoveAddonListener();.. }.. else{.. sim_g_UninstallObserver.unregister();.. }.. }catch(e) {.. logSevere2(e);.. }..}....var sim_g_extensionManager = null;....// gets the extensions manager ("addons dialog")..function simGetExtensionsManang
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3189
                                                                                                                                                                                                              Entropy (8bit):4.859823909450792
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:yNLUXUmNLUdUoNLUuUhNLUYUGNLUbUxVGs+:y+km+Oo+5h+PG+IxVGs+
                                                                                                                                                                                                              MD5:626EC7868806436521619FFA2D4C43AE
                                                                                                                                                                                                              SHA1:7CC61D0CF2655750D4DE24A019EB68C49F24F9C3
                                                                                                                                                                                                              SHA-256:23A71210EAEE3F9CE45FA18C4066469D1D08246228999A32FDE68AB7A04A21ED
                                                                                                                                                                                                              SHA-512:A6C43FDB39890D82140DA955FCEDF33EAC0B1195ADE82A865C8DF4AE8397989C1696A400DAE5BBC38CC3AED590A041F1314C42E7B0DC5CB2A8A5C14AB914E46C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// geckgo version < param version..function simGeckoVersionLessThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) < 0) {.. result = true;.. }.. }.. else {.. logSevere("kCI.nsIXULAppInfo");.. }.. return result;..}....// geckgo version > param version..function simGeckoVersionGreaterThan(version) {.. var result = false;.... if (kCI.nsIXULAppInfo) {.. var appInfo = kCC["@mozilla.org/xre/app-info;1"].getService(kCI.nsIXULAppInfo);.. var versionChecker = kCC["@mozilla.org/xpcom/version-comparator;1"].getService(kCI.nsIVersionComparator);.. if (versionChecker.compare(appInfo.platformVersion, version) > 0) {.. result = true;
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1864
                                                                                                                                                                                                              Entropy (8bit):4.240060812234503
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:lrzBe/hEjROmSYbh/VQB3tE2kDZeD2ex1ckibN2TaSDpzt7/R4V3Dnce:5IcrRhdQptEVeEO767ce
                                                                                                                                                                                                              MD5:2871DC9B99AEEB281122611968CFF89A
                                                                                                                                                                                                              SHA1:3FEBAD1B619F1E00C4D028D4BF6EAD1C68BF8BAD
                                                                                                                                                                                                              SHA-256:D26BEA9835FD7449906E44DCD8A390C8FB6F1A56D3BBA76D8F0331C36ED01CD3
                                                                                                                                                                                                              SHA-512:43489D6C1ECC3C3A34B421D13893F1BF5BD1A074F79C050965B3CD2950333FAF8D10A4E5B9751C11A737B09EACF975A9694186A0AFA612DB3E3788282F797B45
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:....// globals, used for getting version in FF4..var sim_g_version = null;..var sim_g_event = null;....function simAddonManagerCallback(addon) {.. try {.. // step 1.. // set global value.. sim_g_version = addon.version;.. // step 2.. // set evant.. sim_g_event.value = true;.. } catch (e) {.. logSevere2(e);.. }..}....function simGetVersionFromRDF() {.. .. var version = "";.. try {.. logEnter();.... var oDetails = null;.. oDetails = simGetAddonDetails();.. if (oDetails != null) {.. version = oDetails._version;.. }.. else {.. logWarning("oDetails != null");.. }.. }.. catch (e) {.. logSevere2(e);.. }.... return version;..}....function simUpdateVersionFromRDFInPrefs()..{.. try.. {.. var version = simGetVersionFromRDF();.. simSetConfigValue("version", version);.. }.. catch(e).. {.. logSevere2(e); ..
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                              Entropy (8bit):4.159322508675548
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:1nI9uwAoWL0vDaGH557rFqiVvHZfcaUsicL:1n4u9S5vEi55kaucL
                                                                                                                                                                                                              MD5:29473F2C75F43F49572F1BF8868B9C74
                                                                                                                                                                                                              SHA1:17091A09EFC714CF73A0C0211CDE5B4670624148
                                                                                                                                                                                                              SHA-256:F336277ED0859E586E814110D7260345BBB9531DD0914A1B9F72A27BCEBB8286
                                                                                                                                                                                                              SHA-512:C071FD05145916BAF91F572D0DBECF91931D11E7126C7354AB0BF61C2A0DEBE6CF7D1EC58BD240A876C08E633D7EA8D76B8C1F2F233DC9F67425C2925A782A5D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..function simMyEvent() {.. this.value = false;..}....// waits till the param event value is set to true..// returns true if event coccured, false if timeout reached..function simWaitForEvent(oMyEvent, timeout) {.... var result = null;.. try {.. var loops = 0; // used only for debug.. var start;.. var now;.. var elapsedMillSecs;.. var thread = kCC["@mozilla.org/thread-manager;1"].getService(kCI.nsIThreadManager).currentThread;.... // step 1.. // take snapshot of current time.. start = new Date();.... // step 2.. // while event not set to true.. while (oMyEvent.value != true) {.. loops++;.... // step 3.. // check if timeout elapesed.. now = new Date();.. elapsedMillSecs = now.getTime() - start.getTime();.. if (elapsedMillSecs > timeout) {.. // if timeout elapsed -> break.. result = false;.. br
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2992
                                                                                                                                                                                                              Entropy (8bit):4.687458025277307
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:V7BcIl2uVA1wbXMJGOPbySbKH/JWRU8rSWTeAgn9:5BRwKHhWRJSWTeh9
                                                                                                                                                                                                              MD5:D7AC8AA1B5ED24A1CE649258252D0184
                                                                                                                                                                                                              SHA1:CC9B641450B84CDE7D0936043836B4E7C53F42FC
                                                                                                                                                                                                              SHA-256:E3B25502DCA1B164A6F01F087EF913F9F7B869989BF09FE70EFF747D0BA59CBA
                                                                                                                                                                                                              SHA-512:DCAAE7CC5FB24346BECD5B11F244EFBED30625404048F7ECB9678F0567BAF627D8C4D5A205C7A79425D14DC561856D258F56E0FAD2DB7EAE1223439A7DD96ED0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..const WP_NOTIFY_STATE_NETWORK = Components.interfaces.nsIWebProgress.NOTIFY_STATE_NETWORK;..const WP_NOTIFY_STATE_DOCUMENT = Components.interfaces.nsIWebProgress.NOTIFY_STATE_DOCUMENT;..const WPL_STATE_IS_NETWORK = Components.interfaces.nsIWebProgressListener.STATE_IS_NETWORK;..const WPL_STATE_IS_DOCUMENT = Components.interfaces.nsIWebProgressListener.STATE_IS_DOCUMENT;..const WPL_STATE_START = Components.interfaces.nsIWebProgressListener.STATE_START;..const WPL_STATE_STOP = Components.interfaces.nsIWebProgressListener.STATE_STOP;......//..// Object SIMWebProgressListener..//....// Listener which catches events when page is being loaded within a tab...function SIMWebProgressListener(tabId)..{.. if (!tabId).. {.. // get current tab id.. tabId = simGetSelectedTabId();.. if (tabId==null || tabId=="").. {.. logWarning("invalid tabId");.. }.....}.. this.tabId = tabId;..}....// Listener object - designe
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3226
                                                                                                                                                                                                              Entropy (8bit):4.968367102212091
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:wt3gCoVqrKAh+1zqI1tKSUyjBCS43IBAdTSmTHCow3pCeVLLv:OMYL0zqOIbAAVTQpBV3v
                                                                                                                                                                                                              MD5:343E720BF01C524700FD1371E25ED76F
                                                                                                                                                                                                              SHA1:4513CE9406E22284E73D8235807B8EC341801FAC
                                                                                                                                                                                                              SHA-256:E5F0DC1A6B2A6B251C616B05A18AA0E56CAB386646F7806B2753C3D1BEE63BFB
                                                                                                                                                                                                              SHA-512:0794397E3706E3CBBEF9473E03DD6CBC3594A818458FC6EF2E33E9B53EAA4C85F5F40E7BF0426255D68DFC13B881B6925CF884D07E756081073D098A80EA9D9E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Start">..<!ENTITY sweetim.main_menu.search.label "SweetIM Suche">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Zu den SweetIM Foren gehen">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Hilfe">..<!ENTITY sweetim.main_menu.feedbcak.label "Feedback Schicken">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Kontaktieren Sie uns in allen Fragen rund um die SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Datenschutz">..<!ENTITY sweetim.main_menu.privacy.tooltip "Datenschutzinformationen zur SweetIM Toolbar f.r Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Hier k.nnen Sie Ihre Cookies l.schen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Cache
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1618
                                                                                                                                                                                                              Entropy (8bit):4.780426889876654
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E915lh2Z3IlUPDmTGEcLvKESsO96yTiTXKo8HqybkE/rOeopllQPVY:kuIWShmvKETOEHkqA3mt
                                                                                                                                                                                                              MD5:A9B471175D46F7E036E663F420F7B8F1
                                                                                                                                                                                                              SHA1:FB4BF0AC6393BBF9D10E8243F0660A1B0E86165F
                                                                                                                                                                                                              SHA-256:C0493FC117448470EA45CC0C303FC24597B6F73DBC3B5CEC823A34ACEAC3A224
                                                                                                                                                                                                              SHA-512:C0DA03C559E677F9D566575FCA19522064D6D6BD048644143DF1DEE606E89072E950C593A3F8052412BDD9627926FDEC5EA845C8EA58C7928B714E20A0B204B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Hervorhebung der Suchbegriffe auf dieser Seite umschalten..sweetim.property.button.highlight.disabled.tooltip=Text im Suchfeld eingeben um ihn hervorzuheben..sweetim.property.button.findword.tooltip=N.chstes Vorkommen von '%1$S' im aktuellen Dokument finden..sweetim.property.history=Chronik..sweetim.property.button.main_menu.tooltip=Zu SweetIM Suche gehen..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Men...sweetim.property.button.search.tooltip=Web-Suche..sweetim.property.button.search.dropmarker.tooltip=Klicken Sie zur Auswahl anderer Sucharten ..sweetim.property.menuitem.chevron.highlight.label=Highlights..sweetim.property.uninstall.title=%S deinstallieren..sweetim.property.uninstall.text=M.chten Sie die SweetIM Homepage und SweetIM Sucheinstellungen beibehalten, so dass Sie weiterhin schnellen Zugriff auf leistungsstarke Internetsuche genie.en k.nnen?..sweetim.property.searchguard.hp.caption=Homepage-Einstellunge
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3103
                                                                                                                                                                                                              Entropy (8bit):4.908927731948598
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:1BMMgluIHzUgLA9k3tgxmHMdT8fdLMMB4ZqBMMwMCtMVLuMv:/j+VzUCYUsqlwujnPVNv
                                                                                                                                                                                                              MD5:2B62306DADAAC6BC5992539D32CEE068
                                                                                                                                                                                                              SHA1:AEF00558ED94D83E35FE470EE31574201D02ABC4
                                                                                                                                                                                                              SHA-256:B79F50D22CB081A3C96AFAAB7E362A60C2259C0A76B82B94DDFAF2370A9A8E36
                                                                                                                                                                                                              SHA-512:C7B39C09C9FF5B2BA75634DD79D199F4189784192F5FFCF933B3CA4AA049E65EC1308D63C3BD3A65C0E369C6291DC80A37397AD1CCDB528B134F9C6F9466BD4C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Search">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Message Board">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Go to SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Tracks Eraser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact Us">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contact us in all matters relating to SweetIM Toolbar for Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy Information">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Toolbar for Firefox privacy information">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Clear Cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "This will erase your cookies">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Clear Cache">..<!ENTITY sweetim.trackserase
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1535
                                                                                                                                                                                                              Entropy (8bit):4.634286586985755
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9Gs82eGZumVva6g3VreT3un57aoPUakT+4bXakT+f5oLJhbB:F6uYvIreT0GoCTLlT8qJn
                                                                                                                                                                                                              MD5:F328392AF820D3B5E73CFCB4982270AE
                                                                                                                                                                                                              SHA1:741DCA0A4BE0FC3F9F43ADE15FABA882243CF785
                                                                                                                                                                                                              SHA-256:04AEB167614D959F0EE1FBA37D10018D3CE8D77C0AC8336E0A2C388DDEF63AF5
                                                                                                                                                                                                              SHA-512:74BE6B647AEEEB2DAE2B7160ABDE358B9A208E4F6DB7D8DDF69147E7831CEBAD9171A1E311264143CA6528FA8B1CE80C1CC13EAE2549707A685BC517234AB87F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Toggle highlighting of search terms on this page..sweetim.property.button.highlight.disabled.tooltip=Enter text in the search box to highlight it..sweetim.property.button.findword.tooltip=Find next occurrence of '%1$S' in current document..sweetim.property.history=History..sweetim.property.button.main_menu.tooltip=Go to SweetIM search..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Search the Web..sweetim.property.button.search.dropmarker.tooltip=Click to select other search types..sweetim.property.menuitem.chevron.highlight.label=Highlight..sweetim.property.uninstall.title=Uninstall %S..sweetim.property.uninstall.text=Would you like to keep the SweetIM homepage and SweetIM search settings so you can continue enjoying quick access to powerful internet search?..sweetim.property.searchguard.hp.caption=Home page Settings Change..sweetim.property.searchguard.hp.message=Your default
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3363
                                                                                                                                                                                                              Entropy (8bit):4.953586806232814
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:el1K9muYgYqOHznSNEnlZoY8rSYQhfY3cThI/5s7YFfLC:Y5zKEgSI/5OYFf2
                                                                                                                                                                                                              MD5:DA4E42A8F0D9CB3FE917D9B08DFF4E44
                                                                                                                                                                                                              SHA1:9224598E58A628E1125683A8C17823B269380DF9
                                                                                                                                                                                                              SHA-256:3B2597E3A3995619AD16ED69829FA0990CDFFB97B7F6525E3D9F05C2BF46D83C
                                                                                                                                                                                                              SHA-512:B3D36A91B073CFC63CC6CE4A9759564D9825E49B89140C4A0170C6654E61B43C0781524218BA6694F522B0D71FC50F86AB3537F9D8C2D62C462B43E632AB90A4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Inicio SweetIM">..<!ENTITY sweetim.main_menu.search.label "B.squeda SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Panel de mensajes SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ir a Foros SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Borrador de pistas">..<!ENTITY sweetim.main_menu.help.label "Ayuda">..<!ENTITY sweetim.main_menu.feedbcak.label "Cont.ctenos">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "P.ngase en contacto con nosotros en lo relacionado con la barra de herramientas SweetIM par Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informaci.n de privacidad">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informaci.n de privacidad para la barra de herramientas SweetIM para Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Borrar cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Borrar. sus cookies">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1805
                                                                                                                                                                                                              Entropy (8bit):4.692581821283924
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9zIxp2HNZB46N8vLcJxcyRIE2BZwuu39Aue1SXi9n4uevlXe9hue+:2IxiNZB4xvLMxvaK9AueN9n4ues9hue+
                                                                                                                                                                                                              MD5:390E575C828684329B97619EB451ED83
                                                                                                                                                                                                              SHA1:651CBB3F2C1C8A360CBAE4D00E77AD3FAF24A330
                                                                                                                                                                                                              SHA-256:67FD3B472B8243E1B101BA54427E78C0C3C0DCC1EE61E1389A6C0BFA70CE5A9C
                                                                                                                                                                                                              SHA-512:6F7BA65224DE94A5D388D6CAF23B544A95FBE9B059680743C2D48D979B4BAFD4D1A8897E2E97415E1D77AD8AD4ACC5952C981E757428730456714FFF81D5F571
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Alternar el resaltado de los t.rminos de b.squeda en esta p.gina..sweetim.property.button.highlight.disabled.tooltip=Introducir texto en el cuadro de b.squeda para resaltarlo..sweetim.property.button.findword.tooltip=Buscar la siguiente aparici.n de '%1$S' en este documento..sweetim.property.history=Historial..sweetim.property.button.main_menu.tooltip=Ir a b.squeda SweetIM Search..sweetim.property.button.main_menu.dropmarker.tooltip=Men. SweetIM ..sweetim.property.button.search.tooltip=Buscar en la web..sweetim.property.button.search.dropmarker.tooltip=Hacer clic para seleccionar otros tipos de b.squedas..sweetim.property.menuitem.chevron.highlight.label=Resaltar..sweetim.property.uninstall.title=Desinstalar %S..sweetim.property.uninstall.text=.Le gustar.a conservar la configuraci.n de la p.gina de inicio SweetIM y de b.squeda SweetIM de manera que pueda seguir disfrutando de un r.pido acceso a una potente b.squeda de Int
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3386
                                                                                                                                                                                                              Entropy (8bit):4.946143805128272
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:YUOGEF59RzwDJXc3Ga9jwTfBtVdgs5zglLXMa:gRzwDJCj8fwsIga
                                                                                                                                                                                                              MD5:4FA0C67A5376147914F61095F68FF413
                                                                                                                                                                                                              SHA1:467B3B262F1803CF4CB11F0DF1189305CCA6493C
                                                                                                                                                                                                              SHA-256:38A9AAE24ABCF3ED24EA64E8A1A3831DA557C6B60582A70E3973E4F78B97E8A3
                                                                                                                                                                                                              SHA-512:A53D7BE419CE82A65314FF5404F51CAA9DBDDD999D0B4315095FDFBBCF2E33A2FF26750E39913BD52E15CEF557F26A9076CB2B6DA6394884B8D37093C2865622
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "Accueil SweetIM">..<!ENTITY sweetim.main_menu.search.label "Rerchercher dans SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Forum SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Aller aux forums SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Effacer mes traces">..<!ENTITY sweetim.main_menu.help.label "Aide">..<!ENTITY sweetim.main_menu.feedbcak.label "Contactez-nous">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contactez-nous pour toutes les questions li.es . la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Charte de confidentialit.">..<!ENTITY sweetim.main_menu.privacy.tooltip "Charte de confidentialit. sur la barre d'outils SweetIM pour Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Effacer les cookies">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Ceci effacera vos cookies">..<!ENTITY sweetim.trackser
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1943
                                                                                                                                                                                                              Entropy (8bit):4.7702687098251415
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9Zk52rt7rzISjGKvkN9wqXvljqrKAYsjHZTCQAKYWYaPpT4QPOD0YWIKWl:0NtcSjRvCvljqm+1aaXPYK+
                                                                                                                                                                                                              MD5:4431C2790194EF7E437143F23CDC29E4
                                                                                                                                                                                                              SHA1:7BF58B987029638CF9DE413DC2086E842F429290
                                                                                                                                                                                                              SHA-256:BD64BB1D5964DDA5DCCC0E25ED26C51A10F6F3393DC8F608B7C1EC6F51B352E8
                                                                                                                                                                                                              SHA-512:0C72707E11613C8D3F4794B3FAC82D8CBFC8F1825BA721B5D08F5B718B5CEC8735FE0CA5C9886297F8EAA02189BC08A7A83E5AA030F48545177BFD5B10D91487
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Activer/d.sactiver le surlignage des mots recherch.s sur cette page..sweetim.property.button.highlight.disabled.tooltip=Saisir le texte dans la fen.tre de recherche pour le surligner..sweetim.property.button.findword.tooltip=Rechercher l.occurrence suivante de '%1$S' dans le document actuel..sweetim.property.history=Historique..sweetim.property.button.main_menu.tooltip=Aller . la recherche SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Rechercher sur le Web..sweetim.property.button.search.dropmarker.tooltip=Cliquer pour choisir d'autres types de recherche..sweetim.property.menuitem.chevron.highlight.label=Surligner..sweetim.property.uninstall.title=D.sinstallation de %S..sweetim.property.uninstall.text=Souhaitez-vous conserver la page d.accueil SweetIM et les param.tres de recherche SweetIM afin de continuer . profiter d.un acc.s rapide . une recherche In
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3350
                                                                                                                                                                                                              Entropy (8bit):4.8917769951145
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:IfLNtmvDvLn05w5rzbQryFfDCBJvfToBep+ILYMa:IKbTn05wZzbQGVevcBlITa
                                                                                                                                                                                                              MD5:7AEE63481187ECEE6DB55617A6B75C56
                                                                                                                                                                                                              SHA1:77323755C9533660E759681FBDAEAB3175AA1886
                                                                                                                                                                                                              SHA-256:AD9DC46F37E945240BD28DCE8F0B7E930DBDE6071658A7D1CF2A77C2D1AA8685
                                                                                                                                                                                                              SHA-512:B412F7AFB983D5DB746A3FBEA849D8D6551D5CB632325E2574DFD6FEBADBFA17C0FAD8E7BF2E508BC409C330A28F8270BBCE45FFA43B3C5A145C3048DD64C572
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "Cerca con SweetIM">..<!ENTITY sweetim.main_menu.messageboard.label "Area messaggi SweetIM">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Vai ai forum SweetIM">..<!ENTITY sweetim.main_menu.trackseraser.label "Cancella tracce navigazione">..<!ENTITY sweetim.main_menu.help.label "Aiuto">..<!ENTITY sweetim.main_menu.feedbcak.label "Invia commenti">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Contattaci per qualsiasi problema/quesito relativo alla barra degli strumenti SweetIM per Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Informazioni sulla privacy">..<!ENTITY sweetim.main_menu.privacy.tooltip "Informazioni sulla privacy della barra SweetIM per Firefox">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Cancella cookie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "L'operazione canceller. i cookie">..<!ENTITY sweetim.tr
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1607
                                                                                                                                                                                                              Entropy (8bit):4.584285505783685
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9YN2z/BC7vGlvPljRuq67EVhocEzZGwPFuOpEhoPyY7L:7uiv2vx0q6Q/oLz9OoqY7L
                                                                                                                                                                                                              MD5:E812535CE93B3877F4414DADF040B5F3
                                                                                                                                                                                                              SHA1:2D99203C28D900F4A891D7F0AC1C3B2B12168714
                                                                                                                                                                                                              SHA-256:4E8785F17DBEA4756212BD7705E98DA81A8D850F083E0ED0D97F83370DDCF101
                                                                                                                                                                                                              SHA-512:CED8B831D8117127F593FDB60EB24B7F96AED1E1E5B867886D4BBDC6F127D1B1F8E5413254802B2037537DAE913900877114FE51BC1D8D8A6218192142622BBF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Attiva l'evidenziazione dei termini della ricerca su questa pagina..sweetim.property.button.highlight.disabled.tooltip=Inserisci il testo nella casella della ricerca per evidenziarlo..sweetim.property.button.findword.tooltip=Trova la successiva occorrenza di '%1$S' nel documento attuale..sweetim.property.history=Storico..sweetim.property.button.main_menu.tooltip=Vai a Cerca con SweetIM..sweetim.property.button.main_menu.dropmarker.tooltip=Menu SweetIM..sweetim.property.button.search.tooltip=Cerca nel web..sweetim.property.button.search.dropmarker.tooltip=Fai clic per selezionare altri tipi di ricerca..sweetim.property.menuitem.chevron.highlight.label=Evidenzia..sweetim.property.uninstall.title=Disinstalla %S..sweetim.property.uninstall.text=Vuoi salvare la home page SweetIM e le impostazioni di ricerca SweetIM per accedere rapidamente alla nostra potente ricerca Internet?..sweetim.property.searchguard.hp.caption=Cambio impostazioni Home
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3273
                                                                                                                                                                                                              Entropy (8bit):4.947891556350373
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:f2r110JZGwl/a61lQsO1zscYDB0wyPzoSH51UJ+MOl7T+RisLcyFQLtl6WyI76DD:f2rICoEzTq0wyZ1g+fl7TBsaVVm/Lv
                                                                                                                                                                                                              MD5:01AC12BC348313FC5737F0C433088AD5
                                                                                                                                                                                                              SHA1:5C3F83C74ED43303D2A45070237911823DC06624
                                                                                                                                                                                                              SHA-256:B24408110B993F10E2205EA02E71EE66F5D5416304AFE1445F817B956B61A737
                                                                                                                                                                                                              SHA-512:3A0C823819BE7AEA64CC418A583B2974CA35D27573375028F386AEF1473088F172B4582C742C216736338C3126059B6A1457C5DADCAFED0940DF4422E5CE7FDC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<!ENTITY sweetim.main_menu.home.label "SweetIM Home">..<!ENTITY sweetim.main_menu.search.label "SweetIM Zoekfunctie">..<!ENTITY sweetim.main_menu.messageboard.label "SweetIM Mededelingenbord">..<!ENTITY sweetim.main_menu.messageboard.tooltip "Ga naar SweetIM Forums">..<!ENTITY sweetim.main_menu.trackseraser.label "Sporenuitwisser">..<!ENTITY sweetim.main_menu.help.label "Help">..<!ENTITY sweetim.main_menu.feedbcak.label "Contact-informatie">..<!ENTITY sweetim.main_menu.feedbcak.tooltip "Neem contact met ons op over alles wat te maken heeft met SweetIM Taakbalk voor Firefox">..<!ENTITY sweetim.main_menu.privacy.label "Privacy informatie">..<!ENTITY sweetim.main_menu.privacy.tooltip "SweetIM Taakbalk voor Firefox privacy-informatie">..<!ENTITY sweetim.trackseraser_menu.clearCookies.label "Verwijder cookies ">..<!ENTITY sweetim.trackseraser_menu.clearCookies.tooltip "Dit zal uw cookies wissen">..<!ENTITY sweetim.trackseraser_menu.clearCache.label "Ve
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1692
                                                                                                                                                                                                              Entropy (8bit):4.595629503022333
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:E9R2Xa+CgtWLmDvCwu0D+34bIcgPsVrPbjhgMhgPBQqPpTkg:s5gtgIvnD+tLgbrSTdkg
                                                                                                                                                                                                              MD5:582BEFD8357EB62BD9ADA8CA3F4D3E02
                                                                                                                                                                                                              SHA1:C6F8C959A779F90C99947956E1F38CA1429D08D5
                                                                                                                                                                                                              SHA-256:68513E080CD6D3B3CC9B1D55E5A3EFC40D341E6B7E2C29392A3C0AE046E20BB6
                                                                                                                                                                                                              SHA-512:FA4E7D22912E20ACC1B23214A60C343EA88DA0A20860F061599EE3113D2077964BF356B7ED5028D735911CB942D6359ADF81268BAA28B86AA0CF350F4C280618
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:sweetim.property.button.highlight.enabled.tooltip=Markeren van in- en uitschakelen van zoekonderwerpen op deze pagina..sweetim.property.button.highlight.disabled.tooltip=Voer tekst in bij de zoekbox om die te markeren..sweetim.property.button.findword.tooltip=Vind de volgende keer dat het '%1$S' voorkomt in het huidige document..sweetim.property.history=Geschiedenis..sweetim.property.button.main_menu.tooltip=Ga naar de SweetIM zoekfuntie..sweetim.property.button.main_menu.dropmarker.tooltip=SweetIM Menu..sweetim.property.button.search.tooltip=Zoek op het web..sweetim.property.button.search.dropmarker.tooltip=Klik voor het kiezen van andere zoekfuncties..sweetim.property.menuitem.chevron.highlight.label=Markeer..sweetim.property.uninstall.title=%S de-installeren..sweetim.property.uninstall.text=Zou je de SweetIM homepage en SweetIM-zoekinstellingen willen bewaren, zodat je plezier kunt blijven hebben van een snelle toegang tot een krachtige internet-zoekfunctie?..sweetim.property.search
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4706
                                                                                                                                                                                                              Entropy (8bit):7.939609866150524
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTLTT3Aau8Z3pqoMN4t4qDhV6c:nSDS0tKg9E05TLTTHu8E4t4qDrl
                                                                                                                                                                                                              MD5:72C9881C090F7C954451691AEC0266D2
                                                                                                                                                                                                              SHA1:E0572385B740CAD95B8471A77CF1384A8A4EC687
                                                                                                                                                                                                              SHA-256:510F120EFE2F234C3662020143BC9F606EABCFCB80C901D53EA8BCA753A27E92
                                                                                                                                                                                                              SHA-512:C6A1B65EAEF3C1A3A49A53024F7E4AD898286A2AF8D779E6088B54E95C06616570D39CBCE202E48C59A05224AE41BF8AC66778B4248ED319E6F36A0FEF9FA2E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 47 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4513
                                                                                                                                                                                                              Entropy (8bit):7.923205264207793
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nSDZ/I09Da01l+gmkyTt6Hk8nTJlJ0NDxK+muSJyXnmlqsOc:nSDS0tKg9E05TbaDxLmuuyXmYsOc
                                                                                                                                                                                                              MD5:A75E7B7FB7225134A01B01C6985086C3
                                                                                                                                                                                                              SHA1:C18649F3DC4CFD551CD861FFAFAB51B98B8CBCE8
                                                                                                                                                                                                              SHA-256:000D8E36A1D432D6F6C182D41DEADB3F3B051CC5C5B32AFCAC6B3A80C4D802EA
                                                                                                                                                                                                              SHA-512:590812B335FB7AC128AEB4012960377AB2E2FC1D03A1418287DDFE074874B9C12D0D76F021126EC7FB06668281C2E91ADB678DB4B3B49E612D3BE74E954DA52F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):318
                                                                                                                                                                                                              Entropy (8bit):6.864702191037678
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhPmNp1ZsRgPkHK9SQQxL95uLcIR5lgxmWZ2/vFvgUl7dp:6v/7uNpLmgPe4SQQL9+lggWM/NDz
                                                                                                                                                                                                              MD5:CAF9A4DFDDFD2568B37781AFB55DF16D
                                                                                                                                                                                                              SHA1:60405FE8FE085DC0062B77450A9CE9049552AACB
                                                                                                                                                                                                              SHA-256:05F666FCBD4A108C0DFAEE4BFA0414294694014C35E0603A2E944182C6DA7F2E
                                                                                                                                                                                                              SHA-512:73F133C02944F6FBEB2CD2DD142E2A2808017A1C8153AF8DB2B47143A2BCBFE0FA8E9FFBCC1DA84DC544D8E14FDAF8B34FC1EFF89E60792E84A780D28C32CD38
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3279
                                                                                                                                                                                                              Entropy (8bit):7.900863279277824
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:CXHt+JcNgOSiS4XsAYNpf2ESN5B6Ee1rEV:2oONgOLPXsAYnIB6Ee1G
                                                                                                                                                                                                              MD5:55FE3A0B1E9F8B4FDB84FC3E206276A2
                                                                                                                                                                                                              SHA1:669B6C3560552027D0C7E4737E1703E52A7D77C0
                                                                                                                                                                                                              SHA-256:5E443B66113C0ED5D2B49EA60E681D9D8B561798ED60C8E53441E63250740E6D
                                                                                                                                                                                                              SHA-512:85E3FBBDE3444D3E8304CA490A9A251D92AE575FE2A0B9A6DE9E86952D958ADF648C106C5DC929B3B2EE2D44114FAEE23635BD57AFEE54F9455FC6A5E642CE5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3287
                                                                                                                                                                                                              Entropy (8bit):7.891546537282907
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODRqVwJkvMG:bSDZ/I09Da01l+gmkyTt6Hk8nTUwCvMG
                                                                                                                                                                                                              MD5:A143CA61BD925BF5831EE74BDDDF1DA4
                                                                                                                                                                                                              SHA1:D0E822D6BACEA7F506481037176E04457D719DC5
                                                                                                                                                                                                              SHA-256:54B97C1D6C6F4D704D16C953FE100D4453FC5592FD9EF5AFB33260890FDB0618
                                                                                                                                                                                                              SHA-512:104544409128871B258B9623E942F07E37CF485C5A3EB3AF0EC8BC99E0D5C756D236F2F63BB267DACA87F6D2DCC0DE03F62C99AB73BC048A0660A80B87A3F308
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3410
                                                                                                                                                                                                              Entropy (8bit):7.894828125786389
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTBqBXTmTIDY:bSDS0tKg9E05TB
                                                                                                                                                                                                              MD5:E1A82CF04E37B212A2843D9967FC12C4
                                                                                                                                                                                                              SHA1:F096383C90B7C3A8A397671A2E96F81C2958FB0B
                                                                                                                                                                                                              SHA-256:B866837AB746FAFF5D2C6201A270CECC14D7A57A311ABE5AEA4D32C7E02A1CA8
                                                                                                                                                                                                              SHA-512:965FD8C91B4FFE9D0FEFF9FF416057C9651F05A34FCBCF7EB2B4B15F1B36C01C2DF2E169483BC545CDDBF8478ADCA89298E8A4EF7F344BF2AB7170D058C21AC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3371
                                                                                                                                                                                                              Entropy (8bit):7.896512358734088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTMdfMVRfAQNq:bSDS0tKg9E05TOfM3fNq
                                                                                                                                                                                                              MD5:148C71F4C4A537A1F286ED3F40D39ADB
                                                                                                                                                                                                              SHA1:9FFDA4FBE2C432191B94A7E71A0295899513AC41
                                                                                                                                                                                                              SHA-256:AF8F54A2730DE3323D559A0D0D4272598BA2F13865C2620152AA4E78037E2048
                                                                                                                                                                                                              SHA-512:8B6B397BEC1DA5EA85E04DB3C0C4E6EB4F9DC4EDC1760EF5FDC62B970182BE4F2E61C391038F71D9F89583CCAF4786EE9CE6039C0E595CCD783C86636750BCB2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3341
                                                                                                                                                                                                              Entropy (8bit):7.887714626414327
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:nT2SDZ/I09Da01l+gmkyTt6Hk8nTno/AW0QE+H:T2SDS0tKg9E05TnoIy
                                                                                                                                                                                                              MD5:A66632B80FC122541E246BAD41A3E0EE
                                                                                                                                                                                                              SHA1:2BACE9CCC0D1E4BBDF578755718FB61E60190AB7
                                                                                                                                                                                                              SHA-256:8257229ACA8F9E1BA64A9D881A16817B216A429867E7FB9DF7D15915663B7E67
                                                                                                                                                                                                              SHA-512:0E2F088B7E681C5172548A57F5D175701F9873B8D56ADB06ED633A724AE94FA6E659D80A3A9BFC9FCDF59B311E6CB5A85513FE47DF33A2025073F95A88830BDF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3217
                                                                                                                                                                                                              Entropy (8bit):7.892286714994252
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTgQCZuEaGOo2:bSDS0tKg9E05TqZaGc
                                                                                                                                                                                                              MD5:DC3494FFF24914D9D2D021BD8D25D6DD
                                                                                                                                                                                                              SHA1:D291D3FFE012D546353FEAA032DE8F427B37C5A5
                                                                                                                                                                                                              SHA-256:974907293EC367914CDAE7AA701000790AC63F1AFE977E06F3A16D4DA37932A5
                                                                                                                                                                                                              SHA-512:2E8612ACCB12FB144C4C656C9664123A68311C115960DD9AA91CF344C6A7ED73C4574E916DD2FB4B56560C3897A39C128F280A5DA1182E0B48DF8A6FA41B8EC4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3216
                                                                                                                                                                                                              Entropy (8bit):7.8906601217003995
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODhn1aYaZe3:bSDZ/I09Da01l+gmkyTt6Hk8nTJ11aZu
                                                                                                                                                                                                              MD5:29D046A3F81292EE314864085A63FF81
                                                                                                                                                                                                              SHA1:9B6B8A5E556B475E2E18CE6875D9561AF07DF37C
                                                                                                                                                                                                              SHA-256:B5B6674E9D6CA9441C93D1F14C1203C75DCD3F756C8AB990FB736EB8EA02D1AC
                                                                                                                                                                                                              SHA-512:93933BF98A7E2ADDE07218FF71339386A40D42C55CFDDFBAFB77C8720370999E5276007B1BF1D775D9EB0397A66A34776E081966A4FD0EBED59A1B0E086CC2B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3239
                                                                                                                                                                                                              Entropy (8bit):7.888643295675962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODCRALs03pS:bSDZ/I09Da01l+gmkyTt6Hk8nTdLNZi
                                                                                                                                                                                                              MD5:28FDADB259A8077E09F442CA8EE1FFE5
                                                                                                                                                                                                              SHA1:9F93FD60CFC263758E2893813FC2EBD2AC3BB352
                                                                                                                                                                                                              SHA-256:9B519A9E1A1B17921268F552120BEE46DCBBC0BAA8BD888524BE0F7278172F6A
                                                                                                                                                                                                              SHA-512:E5926D42E2C79DFE415132156CADE34830B98F81D359F8AF2272F7B0B723C93770AA40F4478545ED01F7C4D23B051700641E33F36ACDF8C7E4736B0BA0102F50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                              Entropy (8bit):7.7115682629611495
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7iMXQbYxUmLXrR83gsck25T8crr2vU3w9lFKms5QQjsa7mwetd2xJ+qjsq+Ka:BbYxUmLXd83RMBwl9g6wo5q/+Kdpi
                                                                                                                                                                                                              MD5:CE93245253E7D87992B0BA17501BCCCE
                                                                                                                                                                                                              SHA1:EB886BDAD9250A51E1DC7C3E46E34AEA684253D0
                                                                                                                                                                                                              SHA-256:CC355E7C9F6C28CA686489EC62307BDA4BBC580D7479794B9080F48E8D1B288D
                                                                                                                                                                                                              SHA-512:CB1FB5E8F26542D22194970CCCDF575780E0D29710576DA925E03A0140FCDB443A58A8CCC0F6993968F0FADFA69D2BC2CA708AA002565A24E5D0E68A7631E6AC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3352
                                                                                                                                                                                                              Entropy (8bit):7.8931164626831265
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD8T/BbqEhZ:bSDZ/I09Da01l+gmkyTt6Hk8nToqeGM
                                                                                                                                                                                                              MD5:3D5838DF2B73465BAE62A24C4227B8DA
                                                                                                                                                                                                              SHA1:6DBC88054A5CEBC0BD528965E232ECA12B7FF841
                                                                                                                                                                                                              SHA-256:910F08F5D49FE7D48E4C04E2A2872B67E5210A16AD10611D89D23009A58AE225
                                                                                                                                                                                                              SHA-512:D6DCE4ACE8CC5823A2E54265D9207C37D84A2D5F43B57E0EBE4BB08C2EC051F507730B46F0F5AD3B90E13DB6C7D4DB1946F0FD3A7B25A5EC14A92769CCB40772
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):969
                                                                                                                                                                                                              Entropy (8bit):7.762222484405286
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:H99+nx2odKpOu5EoaHoA4JtF7yq3W4T9bx+Z6JEGY:d8x2odKpOmZ6rStF75m4Txx+ZaEGY
                                                                                                                                                                                                              MD5:6CCA94CDF2EB6A5FF419733DF8E89C8B
                                                                                                                                                                                                              SHA1:9B53E137FE7C6FE398403EED10CBFEE303CC2A83
                                                                                                                                                                                                              SHA-256:5F424A3EE5FE6892ECB699ECC07D21A8749166FD5356E6AAFBF6564B0DD0B3F3
                                                                                                                                                                                                              SHA-512:C1D45F195837E4AD1BF78F1BF5A7C418734E69D4C477D807ED34B034E079B35127757E3F29B8725070C4C93063574155A031E88E50CDECA93FF1B6789E85D2ED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3432
                                                                                                                                                                                                              Entropy (8bit):7.890811683389906
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTix2NsDd3:bSDS0tKg9E05TiAgd3
                                                                                                                                                                                                              MD5:3326F38F67E138CD40DF3036A6309F63
                                                                                                                                                                                                              SHA1:8371BACE6C48FC5AF719000E91A627F6DC0CE3AC
                                                                                                                                                                                                              SHA-256:A86EB86BE5BA9BEEA0C3303447F4BAFFF2A8BD49AC2D245F3759C31DE52018FC
                                                                                                                                                                                                              SHA-512:672FD5BDD4753F3E8EB9A30B25E18EA7231DE7208C217E9D55F3A34A794B27626C290E581418229982DEDE7975D21C46E3E9B32F265BCAC8B2FBA56926B5C841
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):784
                                                                                                                                                                                                              Entropy (8bit):7.695743284796664
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72rnSuDO0xkvVXUTDkIPr5vDeQNMV5PhSEbsqs9GaWzL6gsp2xkIoKzxV7:3SkO02dkTD3Pr5vEQI6L2+IoKF
                                                                                                                                                                                                              MD5:7D4CAAD7B62C2F69274E585D326D2A91
                                                                                                                                                                                                              SHA1:815175D8C54D86B622873FD152BDE7482B6B83D8
                                                                                                                                                                                                              SHA-256:8EF5C62F599935ED9448258366E2DCB209338870B902D803F20081494FE46E51
                                                                                                                                                                                                              SHA-512:5FB3D260220150F1461577287D5D273482207F4CDE362391FE81C643C113A598B440A413B35DDD6520DF55B2AB2C3EDB8A24B2EC2AD681FEAC6C382192A31789
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3248
                                                                                                                                                                                                              Entropy (8bit):7.891399431000833
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nT5c656Pp:bSDS0tKg9E05T5cy6B
                                                                                                                                                                                                              MD5:C9E37BF72E41F4266CD7BDC875EA61BE
                                                                                                                                                                                                              SHA1:5D808714D82BC227D2B2F973540B2374D3212367
                                                                                                                                                                                                              SHA-256:88CC5CFDD1B66EDC992A9A348634C641A49626EB06116C1247E349DF5089140B
                                                                                                                                                                                                              SHA-512:DBBAFEAC3A52A2F9CC2E69D7E95CF5D0EE6DEA12E42DA4C3DCB7FD1E754CF9B24D2D31309A529885537EB46C14342965C3AD184D606800773D2B481C94E74F7C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3056
                                                                                                                                                                                                              Entropy (8bit):7.8853902232584545
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:Q/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD5d101/hu7:QSDZ/I09Da01l+gmkyTt6Hk8nT5Q1JVO
                                                                                                                                                                                                              MD5:AEF0A911384F19305EA555EE444D37BC
                                                                                                                                                                                                              SHA1:5EA082A01AF0E52F12EF89B0D675426C8608B581
                                                                                                                                                                                                              SHA-256:68AFC90D338327ABCAC854A19D8C81EB1F9AA4AE7BFB1F53DBBDE899B4FC9E64
                                                                                                                                                                                                              SHA-512:4A669417979F96D72D0E8CC930E48C3F30C4DE4797C525D21CFCBA5C4D02588C804BA30F03595949E8C4C61B67D712D67E96AA2095EE81AC9EE4F4AE03D1FB27
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4994
                                                                                                                                                                                                              Entropy (8bit):5.055953897720054
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:NHpNbWeC/ElNLI/Qdyc04k4bOoz+Vfh1+4FsXC8Y+b1Ska:NHrS5WNL6Td4k4bOog7+4FsSmpSt
                                                                                                                                                                                                              MD5:73B01090E40193CC727A5FDC58A87FB8
                                                                                                                                                                                                              SHA1:6E1A8174F945A280F7D56B3099206ADAF04D2532
                                                                                                                                                                                                              SHA-256:B60F9FB3F97751D5D05C32DC3F2A417BC086ADE2F7C229D2F95CCD574A8042A2
                                                                                                                                                                                                              SHA-512:C3851B64AE8D3A0BE72EF2ED3C5B700D379A5CCD9FAECBF7F6E5EBC2A80EDF73A38C6FC88F14672B1CD0FDB13DAE409EC0A00970E5946E05EA58B5D1A06E7C04
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");..@namespace html url("http://www.w3.org/1999/xhtml");..@namespace xbl url("http://www.mozilla.org/xbl");......#sim_main_menu_btn_id {.. list-style-image: url("chrome://sweetim-toolbar/skin/logo.png");..}....#sim_search_btn_id ..{.. list-style-image: url("chrome://sweetim-toolbar/skin/web-search-button-glass.png");.. -moz-appearance: none !important;.. -moz-box-orient: horizontal !important;.. /* color for FF 3.6 and later*/.. /*background: -moz-linear-gradient(top, red,yellow,yellow,orange) !important;*/.. background-image: url("chrome://sweetim-toolbar/skin/web-search-button-bg.png");.. -moz-border-radius: 4px;.. border-width: 1px !important;.. border-color: ThreeDShadow !important;.. border-style: solid;.. color: -moz-Text !important;.. font-weight: bold;.. margin-top: 2px !important;.. margin-bottom: 2px !important;.. padding-left: 4px !important;.. pa
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):869
                                                                                                                                                                                                              Entropy (8bit):7.724749684662738
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/72uhawVsXDd8HrtpLae7I6TeRg7EGrhLADjCznC9c9qtpMaPhvGklVV5KSChX:6aZXAr+jQUg4GrhLUjCLC9lP4G5KS8X
                                                                                                                                                                                                              MD5:920D3D7C15F7AB6E00F2A8C3593CA86C
                                                                                                                                                                                                              SHA1:74147628E2FCF44B2AF427A67DBE6278E8784416
                                                                                                                                                                                                              SHA-256:8D53BA3EF30AA548B8B5870EBF264863AB28BFB28BA0338337EA81FB10E931D0
                                                                                                                                                                                                              SHA-512:6108CE806BA0210A00A8250EBA0A74AAF9934F000C1EEC6E4750068A46EF4447D275C0A89053933B4E3ACE6529F5425D7F0ABBD7F8C2DDE4961A5FA32E9C0F88
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):976
                                                                                                                                                                                                              Entropy (8bit):2.7857896514822174
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:6v/lhP0ul0+wP6fn7FmT/2NA39NF3wKuNR431pXp:6v/7RyP6n7FmqC9/3luNR61T
                                                                                                                                                                                                              MD5:B1E5876DB65289C13C4977F89810E8A3
                                                                                                                                                                                                              SHA1:1060397CE54CD3F14D37263D0BB87A502F18F300
                                                                                                                                                                                                              SHA-256:F238F4D203FC49E5F80F63F98937F0D599CEFC6C8DE8318F08592BCD88B21D18
                                                                                                                                                                                                              SHA-512:B0247636B355B68576AAE88179D3D5A8B8507203D714DC4284748C98C21F9082A0C04CD6B9333699ADE661BEE58EFB2F554FB9004D4876E2BF6659749E07B1B6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 10 x 26, 8-bit colormap, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):981
                                                                                                                                                                                                              Entropy (8bit):2.888407959176497
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7RIy6QksPeAbLJ7G9vcC37KT1ZlyT7NV:dyxAAHJgEO7KbwTRV
                                                                                                                                                                                                              MD5:496F02D84BDCBF2EEF447CA153D1896D
                                                                                                                                                                                                              SHA1:9500DF7258DD9112C24D54772D550E26739EC2A5
                                                                                                                                                                                                              SHA-256:04FD558E122BDD2E2D40AE2BCBB82FAE73F5C9BCB19DED56BDD6C1DD39355B8F
                                                                                                                                                                                                              SHA-512:AA49E9FB7B6255E2EDB72754EFB62C08CA486378824DCF349305B625B9B7731321D12FED396833467A7B5AE231BAF2B5BBF400F51C9D5D72B0DEC2497EE4BB95
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):808
                                                                                                                                                                                                              Entropy (8bit):7.5250979472444355
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/7fwb9aXjZ9t8epIzfIgZsZQc8PXbfTNKmJ6SXE8CBxkuDCfwwxxnXNWxUec:Db9azftTaIZQrbf4mJxXEJ4f3xnXL
                                                                                                                                                                                                              MD5:6863D0B8DD6CB1DAA8F024340EBEF2EC
                                                                                                                                                                                                              SHA1:153107E528C2531A48F3297171A94A6172F4B5D3
                                                                                                                                                                                                              SHA-256:AA79352FEDB4FC20672861188C1D241EFD5236937978EBA04878F6AF5732791F
                                                                                                                                                                                                              SHA-512:EBE4F11A56497EA51546EF581D84705298B0C54DDEF801B14CA754572545134C61C32D3A118A9BF45A68E09F0452D8D8F2F86BE32CB5CAC307B6042A791CA15E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3337
                                                                                                                                                                                                              Entropy (8bit):7.886640514351696
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTt/4E/TS:bSDS0tKg9E05T/S
                                                                                                                                                                                                              MD5:3E2E639063054CCB59DB68C2A9243AFB
                                                                                                                                                                                                              SHA1:FD9461012CFA0ABD8333645E6A55B87DC5AC6537
                                                                                                                                                                                                              SHA-256:5D79D48F3FC4EEEF3A8C46FEF30DF602BE257730F841B99BECE79F7D9356D7E6
                                                                                                                                                                                                              SHA-512:730CF2834D48BDDA697E580064DAE1060D057A9F39D33C8A632D790F7E0B3097DD70421E31C09D33A914E763CB1C39E2C75554D8F6B4EB11B45A8962E8FBBA37
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):442
                                                                                                                                                                                                              Entropy (8bit):7.104637400753022
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:6v/78f2s/6T6is1kJ4nnQmCOZBw4r9Ah/kmZscG2E3d:Z2s/6WR1KcnQcF9csmGF3d
                                                                                                                                                                                                              MD5:F64113435D357717C72EBF0E86B317E6
                                                                                                                                                                                                              SHA1:85CA037F08378619D4322A7F4EDBB5FC55AEFC5E
                                                                                                                                                                                                              SHA-256:A3DB26273631B16D9F68100C2C8B9096C899B320AE2C3EE787D31D6DBC0826E9
                                                                                                                                                                                                              SHA-512:F7B60E594EFFDD05E84C8583F205A32BFB87BB4CB084F0B49FDEAF5797B4128AA4B2D72A7FB1FB4FC112CAFF1958C1632E19ED658C564727656604746BECF616
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9648
                                                                                                                                                                                                              Entropy (8bit):4.9386302416157895
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:BJYDxEranuKJKKgbK7dAKyK+i2vRJx7fhhg9pJt1dR0M5:BJegKkKgbK76KyKQJxlhq5
                                                                                                                                                                                                              MD5:C646B5F72E465DD579A4485EBD5518E5
                                                                                                                                                                                                              SHA1:0696375F062FCED5BBB07146D3B21B319B19E862
                                                                                                                                                                                                              SHA-256:9413FD6BF893C926EB6D6908E494A1BB710EA8A9CEA355011D5E3C4249D63F32
                                                                                                                                                                                                              SHA-512:6E1C68587441512974EE6B2654FB05D59D571343234B0EDC3069AD7A5E3D96DEB4751BB18881C799CEE9121D14BB98E95694AB81D849C7D86042F09023153CAB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..// original file:..// "How to implement custom autocomplete search component"..// http://developer.mozilla.org/en/docs/How_to_implement_custom_autocomplete_search_component....// logs an exception..function logException(e)..{.. var message;.. message = "Exception:";.. .. if (e.name).. message += ", name=" + e.name;.. if (e.message).. message += ", message=" + e.message;.. if (e.number).. message += ", number=" + e.number;.. if (e.lineNumber).. message += ", lineNumber=" + e.lineNumber;.. if (e.stack).. message += ", stack=" + e.stack; .. .. if (!e.message).. message += ", full=" + e.toString();.. // dump(message);..}....// load external JS files...// the component is loaded in different namespace than browser..// (e.g. "gBrowser" is not defined here), so we _dont_ need to explictly load it in..// a dedicated namespace object, as done in main.js..var loader = null;..try{.. loader = Components.classes["@mozi
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1630
                                                                                                                                                                                                              Entropy (8bit):5.50969037695185
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:kYH7siLPNKP4p9LN4peoVAHd7wORaN008mZ863VA:bHfDQelSOMNH8Ue
                                                                                                                                                                                                              MD5:C2DD6535605B8AECA43BCBF777F96262
                                                                                                                                                                                                              SHA1:1A037398321F63475887809CD2E1A4A92036DC98
                                                                                                                                                                                                              SHA-256:C3541B4C8C083B134158D839BF5348204E02C48546FB88B4A9933506DE6B5DA3
                                                                                                                                                                                                              SHA-512:84A4B20FE3B354F33F0023F21BB264095F4CE16830D18A0FA24B967E9E974B9D57AA4135E97B6599053DFAB6CCAAB8681956FF2E590E9A9567FA5D3B8A22ECD8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0"?>....<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#".. xmlns:em="http://www.mozilla.org/2004/em-rdf#">.... <Description about="urn:mozilla:install-manifest">.... Required Items -->.. <em:id>{EEE6C361-6118-11DC-9C72-001320C79847}</em:id>.. <em:name>SweetIM Toolbar for Firefox</em:name>.. <em:version>1.3.0.1</em:version>..... Firefox -->.. <em:targetApplication>.. <Description>.. <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>.. <em:minVersion>2.0.0.0</em:minVersion>.. <em:maxVersion>7.0.*</em:maxVersion>.. </Description>.. </em:targetApplication>.... Optional Items -->.. <em:creator>SweetIM Technologies LTD.</em:creator>.. <em:description>all about fun</em:description>.. <em:iconURL>chrome://sweetim-toolbar/skin/logo_32x32.png</em:iconURL>.. <em:homepageURL>http://www.sweetim.com</em:homepa
                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3547), with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3915
                                                                                                                                                                                                              Entropy (8bit):4.5039484079313326
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:65Vc7FggKebtnL/6q0P7ETojlQXdMdnL2DD:6nc7VKStnT6DxhSDD
                                                                                                                                                                                                              MD5:EF691DD0310399372EAD6FACEEDBE1BB
                                                                                                                                                                                                              SHA1:4F1FA12B9751F78D8B3BF648AEB72C8AC2AB069D
                                                                                                                                                                                                              SHA-256:75E16E17C0299FD6BA42BB0BA8C8AA465634D6395C8DBAEC6E97066468C22AC1
                                                                                                                                                                                                              SHA-512:370EB8D795AB0B676D45602D8750193D795CF455C5492062B6475579EC52BA817A4138A51829EDF028E52DAA216B63B93A7FEDABB552907E0BA0C8A15AFD2A4E
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">...<ShortName>SweetIM Search</ShortName>...<Description>Use SweetIM to search the Web.</Description>...<InputEncoding>UTF-8</InputEncoding>.. <Image width="16" height="16">data:image/x-icon;base64,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
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, ICQ, Subject: SweetIM for Messenger 3.6, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Mon Aug 1 15:43:36 2011, Create Time/Date: Mon Aug 1 15:43:36 2011, Last Printed: Mon Aug 1 15:43:36 2011, Revision Number: {88655337-61D8-45FF-9B01-BB29C2AAFDE6}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3552768
                                                                                                                                                                                                              Entropy (8bit):7.4010672025598465
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:FYyGQnzszN2qXKdtDCSWBXM0BXEhUQM5V3kS8HqSd:SQnzszN2qUONXjAUQMXkZK
                                                                                                                                                                                                              MD5:54D2F6EC72B0A9F8F85E07137F6D098A
                                                                                                                                                                                                              SHA1:5AC5FD5824446DFB7D7FDAE0ED1729D821B1DB73
                                                                                                                                                                                                              SHA-256:A03C61372030D38A2046666E840F25E460F6E3F25DE6583EC4E2FDB28227F484
                                                                                                                                                                                                              SHA-512:F838BEBBC3FDA7EBF93264208B0A89D69B58090509A912DE0F31EBB9E9250678B152FA0616D61B797C20AE582EACD9A8AAFD5BAE4BD0DC6AF54ECC69D46AB3AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, ICQ, Subject: SweetIM for Messenger 3.6, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Mon Aug 1 15:43:36 2011, Create Time/Date: Mon Aug 1 15:43:36 2011, Last Printed: Mon Aug 1 15:43:36 2011, Revision Number: {88655337-61D8-45FF-9B01-BB29C2AAFDE6}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3552768
                                                                                                                                                                                                              Entropy (8bit):7.4010672025598465
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:FYyGQnzszN2qXKdtDCSWBXM0BXEhUQM5V3kS8HqSd:SQnzszN2qUONXjAUQMXkZK
                                                                                                                                                                                                              MD5:54D2F6EC72B0A9F8F85E07137F6D098A
                                                                                                                                                                                                              SHA1:5AC5FD5824446DFB7D7FDAE0ED1729D821B1DB73
                                                                                                                                                                                                              SHA-256:A03C61372030D38A2046666E840F25E460F6E3F25DE6583EC4E2FDB28227F484
                                                                                                                                                                                                              SHA-512:F838BEBBC3FDA7EBF93264208B0A89D69B58090509A912DE0F31EBB9E9250678B152FA0616D61B797C20AE582EACD9A8AAFD5BAE4BD0DC6AF54ECC69D46AB3AA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM Toolbar For Internet Explorer, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, AIM, SweetIE, SweetIM Toolbar For Internet Explorer, SweetIM Toolbar, SweetIM Toolbar For FireFox, Subject: SweetIM Toolbar for Internet Explorer 4.0, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Thu Sep 22 19:26:45 2011, Create Time/Date: Thu Sep 22 19:26:45 2011, Last Printed: Thu Sep 22 19:26:45 2011, Revision Number: {F44840C4-6708-42BA-807E-138D61C83EB9}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3027968
                                                                                                                                                                                                              Entropy (8bit):7.344776703975813
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:AWRYyZU3zs91c3fvDas3AgA7Rru1ZQxsxUx4x9rsyPJtAPAGuvwDju00/W6d:dYyZ4oVaAQ1yyUax9rsyPnAbcwPu00/B
                                                                                                                                                                                                              MD5:0FD2EF6954C43CE4D2C1E93825355AFB
                                                                                                                                                                                                              SHA1:981D1C9A6F54053EE736688F562D1C859D9EEE66
                                                                                                                                                                                                              SHA-256:2905553661E5BC69797337318D0DD0A7173A5191C6A7968FB89AB9F0F668D269
                                                                                                                                                                                                              SHA-512:B883393FDF11F4D4370C4E16B7FCC0ED557C5094420E47CFA1D0B3E2FEA0D7CE6B83953FC1197DA306318C807724C1F4A27B93231D53DDBE299607311FE35D7B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: This installer database contains the logic and data required to install SweetIM Toolbar For Internet Explorer, Keywords: Installer,MSI,Database, SweetIM, MSN Messenger, Yahoo Messenger, AIM, SweetIE, SweetIM Toolbar For Internet Explorer, SweetIM Toolbar, SweetIM Toolbar For FireFox, Subject: SweetIM Toolbar for Internet Explorer 4.0, Author: SweetIM Technologies Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2008 - Professional Edition 14, Last Saved Time/Date: Thu Sep 22 19:26:45 2011, Create Time/Date: Thu Sep 22 19:26:45 2011, Last Printed: Thu Sep 22 19:26:45 2011, Revision Number: {F44840C4-6708-42BA-807E-138D61C83EB9}, Code page: 1252, Template: Intel;1033
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3027968
                                                                                                                                                                                                              Entropy (8bit):7.344776703975813
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:AWRYyZU3zs91c3fvDas3AgA7Rru1ZQxsxUx4x9rsyPJtAPAGuvwDju00/W6d:dYyZ4oVaAQ1yyUax9rsyPnAbcwPu00/B
                                                                                                                                                                                                              MD5:0FD2EF6954C43CE4D2C1E93825355AFB
                                                                                                                                                                                                              SHA1:981D1C9A6F54053EE736688F562D1C859D9EEE66
                                                                                                                                                                                                              SHA-256:2905553661E5BC69797337318D0DD0A7173A5191C6A7968FB89AB9F0F668D269
                                                                                                                                                                                                              SHA-512:B883393FDF11F4D4370C4E16B7FCC0ED557C5094420E47CFA1D0B3E2FEA0D7CE6B83953FC1197DA306318C807724C1F4A27B93231D53DDBE299607311FE35D7B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):58312
                                                                                                                                                                                                              Entropy (8bit):4.7831488349783555
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:+0J8+QCTqaxxKkUmFVSarTJym3OZESrcyFKfQLHVM:cCTqYttXDJT+lcfQG
                                                                                                                                                                                                              MD5:74578BF21C4CE56DBB2FBD7616895637
                                                                                                                                                                                                              SHA1:1D6A43E6D47DA777ABE5AA72F39F5C396D7E37E5
                                                                                                                                                                                                              SHA-256:C9CFE837EBA6960CE065653E45FDBB6FE3FD0BBBB0787E29B1881C03A3FCFB56
                                                                                                                                                                                                              SHA-512:F6219335B266C6D78628CA11B7A4C49FDF6C7F1261332B2B4A8ABAC49BE59CC5C6180CAA8CDDB32602C55F546C8CCA3EE7C41AB72859CB07FF9C5BE6E11720AA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):99272
                                                                                                                                                                                                              Entropy (8bit):5.488745177846843
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:rVgNTb67hb2MwFTKySgE6bSKycjyc/jVl0TF84G:2b67hvw++SKycjyc/jVlwGd
                                                                                                                                                                                                              MD5:933C5C5D2E46A10AD94AA35F90C8EF01
                                                                                                                                                                                                              SHA1:6CD9F9353A3FABBBC6938AFC1B67285B699F5972
                                                                                                                                                                                                              SHA-256:8E37E9EDE55B240E4E48421A490994665B58AA5E626C6F3E4EE2DA335133CFFA
                                                                                                                                                                                                              SHA-512:2E0DAC354B296682A9A31270584B6B2214664EDB4EB308BB85C9D7F785F08269A1006CAA49ECAE6B0789F71DC9378C29319517B22C0CAF8DFC4D40156960CB40
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):246064
                                                                                                                                                                                                              Entropy (8bit):6.281194577710972
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:W00SJMe7BTXN5uaP4ynbyH0OVjG2++yJ/gvZDlGn/UpHnTRB5NlIL1AcyolLd0MN:rJMe7pNouR+dVDloUzwy+HN
                                                                                                                                                                                                              MD5:FCA29C205E46CB5993CF6E14E29274D7
                                                                                                                                                                                                              SHA1:46FDC8C732BE34EF6F2B2CA589A8FB7F365B7F9E
                                                                                                                                                                                                              SHA-256:80838302E2BF9BF603F5076EF542D99C88B6CA46785178886E1B8D9E8D101EFB
                                                                                                                                                                                                              SHA-512:45CDAA35C8947DE03AE63FAC02A6676031F1EEA8A90BA32130BD1DEF0B8017CD52800DF0B0C6CCA1320DF19B615E8DFF98143B99CBEA99153ABFA27549315719
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):35838
                                                                                                                                                                                                              Entropy (8bit):5.834087170577405
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:hwGMtwi06WL0WjrQoiScmL//cQLZW4IItRGXqsGacP+CDPFSus:o10xjrQoiScm7HPFSt
                                                                                                                                                                                                              MD5:F64772DFA8F1DD49EE31AA3F9F95AFD4
                                                                                                                                                                                                              SHA1:84F03DE6D0709C1DC91DD8D017D6421391919918
                                                                                                                                                                                                              SHA-256:F3E0F3D04B217BC3E12B8F57D7E32B0FF6932B23C611A6D6A6F2528A54326305
                                                                                                                                                                                                              SHA-512:9C1AD922B58CDFBBDB2C84650A6DF3085D2C9CE94AA082A9B02D06CC2BF6AEBD385824EEC2E3D0499EEE85C9AAEA969A6782ACA1EB31E8F6722683C88E72430A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:...@IXOS.@.....@O=.X.@.....@.....@.....@.....@.....@......&.{A81A974F-8A22-43E6-9243-5198FF758DA1}..SweetIM for Messenger 3.6..SweetIMSetup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{88655337-61D8-45FF-9B01-BB29C2AAFDE6}.....@.....@.....@.....@.......@.....@.....@.......@......SweetIM for Messenger 3.6......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@*....@.....@.]....&.{7D8D174B-3913-4B63-AC98-73E40D7D8B60}).C:\Program Files (x86)\SweetIM\Messenger\.@.......@.....@.....@......&.{3FE7B4A9-F987-4178-919D-0352382BC051}&.C:\ProgramData\SweetIM\Messenger\conf\.@.......@.....@.....@......&.{2C982089-08F2-4C7A-BB39-32CD1652E5E4}@.C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml.@.......@.....@.....@......&.{C50A8E86-DD06-4529-95D1-DB619CE4DDFB}&.C:\ProgramData\SweetIM\Messenger\data\.@.......@.....@.....@......&.{305C457F-A573-4331-B422-83E881FD8EE7}..C
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):246064
                                                                                                                                                                                                              Entropy (8bit):6.281194577710972
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:W00SJMe7BTXN5uaP4ynbyH0OVjG2++yJ/gvZDlGn/UpHnTRB5NlIL1AcyolLd0MN:rJMe7pNouR+dVDloUzwy+HN
                                                                                                                                                                                                              MD5:FCA29C205E46CB5993CF6E14E29274D7
                                                                                                                                                                                                              SHA1:46FDC8C732BE34EF6F2B2CA589A8FB7F365B7F9E
                                                                                                                                                                                                              SHA-256:80838302E2BF9BF603F5076EF542D99C88B6CA46785178886E1B8D9E8D101EFB
                                                                                                                                                                                                              SHA-512:45CDAA35C8947DE03AE63FAC02A6676031F1EEA8A90BA32130BD1DEF0B8017CD52800DF0B0C6CCA1320DF19B615E8DFF98143B99CBEA99153ABFA27549315719
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................r....r...l...............&......................r.....r.............r......Rich...........................PE..L.....6N...........!.........0......^................................................q...............................6.......#.......p..................0!.......!..................................8...@...............p............................text...N~.......................... ..`.rdata..U...........................@..@.data...\)...@.......@..............@....rsrc........p.......P..............@..@.reloc...:.......@...`..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):58312
                                                                                                                                                                                                              Entropy (8bit):4.7831488349783555
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:+0J8+QCTqaxxKkUmFVSarTJym3OZESrcyFKfQLHVM:cCTqYttXDJT+lcfQG
                                                                                                                                                                                                              MD5:74578BF21C4CE56DBB2FBD7616895637
                                                                                                                                                                                                              SHA1:1D6A43E6D47DA777ABE5AA72F39F5C396D7E37E5
                                                                                                                                                                                                              SHA-256:C9CFE837EBA6960CE065653E45FDBB6FE3FD0BBBB0787E29B1881C03A3FCFB56
                                                                                                                                                                                                              SHA-512:F6219335B266C6D78628CA11B7A4C49FDF6C7F1261332B2B4A8ABAC49BE59CC5C6180CAA8CDDB32602C55F546C8CCA3EE7C41AB72859CB07FF9C5BE6E11720AA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........$.C{J.C{J.C{J.,dA.E{J..gD.V{J.,d@.x{J..XS.D{J.C{K..{J.EXA.A{J..}L.B{J..[N.B{J.RichC{J.........................PE..L...z.&F...........!.....`...p...............p.....................................................................p}..a...0w..P....................................................................................p..D............................text....U.......`.................. ..`.rdata.......p.......p..............@..@.data....3.......0..................@....rsrc...............................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):99272
                                                                                                                                                                                                              Entropy (8bit):5.488745177846843
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:rVgNTb67hb2MwFTKySgE6bSKycjyc/jVl0TF84G:2b67hvw++SKycjyc/jVlwGd
                                                                                                                                                                                                              MD5:933C5C5D2E46A10AD94AA35F90C8EF01
                                                                                                                                                                                                              SHA1:6CD9F9353A3FABBBC6938AFC1B67285B699F5972
                                                                                                                                                                                                              SHA-256:8E37E9EDE55B240E4E48421A490994665B58AA5E626C6F3E4EE2DA335133CFFA
                                                                                                                                                                                                              SHA-512:2E0DAC354B296682A9A31270584B6B2214664EDB4EB308BB85C9D7F785F08269A1006CAA49ECAE6B0789F71DC9378C29319517B22C0CAF8DFC4D40156960CB40
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............zk..zk..zk..fe..zk..ea..zk..e`..zk.IYw..zk..XN..zk.iYr..zk..zj..zk..Y`..zk.T|m..zk.lZo..zk.Rich.zk.................PE..L.....&F...........!................3d...............................................U..............................0................`...............p.......p.......................................................................................text...f........................... ..`.rdata........... ..................@..@.data....R.......@..................@....rsrc........`.......@..............@..@.reloc..t....p... ...P..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):233776
                                                                                                                                                                                                              Entropy (8bit):6.169795023583973
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:0w8rUeLOfh6XNExDvUFi9/ezgDph4Qkos/zbcmffmgPMxoIHHl3aU9QsE5:UUeLqhcQDvU4Hko63f4Bad
                                                                                                                                                                                                              MD5:F6BDC7AB21589CF4D87FE72CB82305D1
                                                                                                                                                                                                              SHA1:24C4B68B09C443B70A473EBE6C277F90F4EDB22E
                                                                                                                                                                                                              SHA-256:8472CD6362C2930383EDD6519FE1E024C49BE6921E4B7935AE37F8FBDEFA9AE0
                                                                                                                                                                                                              SHA-512:28F6BC43E014249B582BA7F17A039618138EF3C9DDFAFEEFE405054469FC34EFE55480F59F3B7AB2080E704F423DF6F96B246A6582C024084AC3AB0DE8A156BA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$bZ.`.4.`.4.`.4.s.].a.4...;.x.4...k...4...k.a.4. -.d.4. (.a.4.s.i.b.4...i.o.4.`.5..4...T.P.4...h.a.4..j.a.4...n.a.4.Rich`.4.................PE..L.....UN...........!.....P... ......:........`.......................................................................................0...............p..0!...@... ......................................@............`..d............................text...^O.......P.................. ..`.rdata.......`.......`..............@..@.data....)....... ..................@....rsrc........0....... ..............@..@.reloc...8...@...@...0..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):30298
                                                                                                                                                                                                              Entropy (8bit):5.625012194082524
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:lZtwkR3FGG1TqEhVqvVpphmslBJrBQ2lH9RTcOXgWjkg6f3Ug8xqfSpNeLNek+v2:lQnvxBJyjOXTB6f3Ug8xqfSlK
                                                                                                                                                                                                              MD5:5FD8B9662BBCFE473D2F682CA0AE91DC
                                                                                                                                                                                                              SHA1:E7231710A7FCBC5758B0C2F911D75F19DC0CAD7F
                                                                                                                                                                                                              SHA-256:63C93E735011E9680F287B9EBD5632EFE8F1AB262BF60C472C1AEFF1160B99D1
                                                                                                                                                                                                              SHA-512:586AFBEFACE2F07747E586E6010C3CFB831C025EF32C3680DCAD379FF0CF437B4C48B56732825F271467F34620380FF3AD96ACF3716D2A13431FDA4641617D5C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:...@IXOS.@.....@S=.X.@.....@.....@.....@.....@.....@......&.{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}).SweetIM Toolbar for Internet Explorer 4.2..SweetIESetup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{F44840C4-6708-42BA-807E-138D61C83EB9}.....@.....@.....@.....@.......@.....@.....@.......@....).SweetIM Toolbar for Internet Explorer 4.2......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B655F7E9-422F-408D-9DA6-690F6F437498}I.C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\.@.......@.....@.....@......&.{097CDE68-E405-4381-BD2C-C0A94023F82D}J.C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\.@.......@.....@.....@......&.{DF3F12EC-2B75-4144-8208-FE511A561A65}K.C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\.@.......@.....@.....@......&.{6B8676E2-D239-4211-830F-745CD4816053}
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):201008
                                                                                                                                                                                                              Entropy (8bit):6.1930426458245185
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:v1G4ucDmX5/S3asI82eIiWqdcTHlpftQtLI+mdJhP4qgTbvV4rIjLUn8JK0LIgli:EEDSY7JBuOZIAqgvvVPcpE0we
                                                                                                                                                                                                              MD5:CFFA8284DF3F949D26AEBC2F24407DAE
                                                                                                                                                                                                              SHA1:9A5456FE0C238E7F76BE4E4A96AAC0B2B389FBB9
                                                                                                                                                                                                              SHA-256:7804FD3B7BCA4BF1DB85B98EA9CE831CC83D526FB96DDA2BF23C509556733056
                                                                                                                                                                                                              SHA-512:7FE5008CA6D2DFF7CAFE51D422704D668AED871D120891A3A3D1138CB0B8D846A7C4C3C05ADAC6043CF55EA7F4844EA17D9946F306EAABC59076E5F2665CC8B3
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):233776
                                                                                                                                                                                                              Entropy (8bit):6.169795023583973
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:0w8rUeLOfh6XNExDvUFi9/ezgDph4Qkos/zbcmffmgPMxoIHHl3aU9QsE5:UUeLqhcQDvU4Hko63f4Bad
                                                                                                                                                                                                              MD5:F6BDC7AB21589CF4D87FE72CB82305D1
                                                                                                                                                                                                              SHA1:24C4B68B09C443B70A473EBE6C277F90F4EDB22E
                                                                                                                                                                                                              SHA-256:8472CD6362C2930383EDD6519FE1E024C49BE6921E4B7935AE37F8FBDEFA9AE0
                                                                                                                                                                                                              SHA-512:28F6BC43E014249B582BA7F17A039618138EF3C9DDFAFEEFE405054469FC34EFE55480F59F3B7AB2080E704F423DF6F96B246A6582C024084AC3AB0DE8A156BA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):233776
                                                                                                                                                                                                              Entropy (8bit):6.169795023583973
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:0w8rUeLOfh6XNExDvUFi9/ezgDph4Qkos/zbcmffmgPMxoIHHl3aU9QsE5:UUeLqhcQDvU4Hko63f4Bad
                                                                                                                                                                                                              MD5:F6BDC7AB21589CF4D87FE72CB82305D1
                                                                                                                                                                                                              SHA1:24C4B68B09C443B70A473EBE6C277F90F4EDB22E
                                                                                                                                                                                                              SHA-256:8472CD6362C2930383EDD6519FE1E024C49BE6921E4B7935AE37F8FBDEFA9AE0
                                                                                                                                                                                                              SHA-512:28F6BC43E014249B582BA7F17A039618138EF3C9DDFAFEEFE405054469FC34EFE55480F59F3B7AB2080E704F423DF6F96B246A6582C024084AC3AB0DE8A156BA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                              Size (bytes):58312
                                                                                                                                                                                                              Entropy (8bit):4.7831488349783555
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:+0J8+QCTqaxxKkUmFVSarTJym3OZESrcyFKfQLHVM:cCTqYttXDJT+lcfQG
                                                                                                                                                                                                              MD5:74578BF21C4CE56DBB2FBD7616895637
                                                                                                                                                                                                              SHA1:1D6A43E6D47DA777ABE5AA72F39F5C396D7E37E5
                                                                                                                                                                                                              SHA-256:C9CFE837EBA6960CE065653E45FDBB6FE3FD0BBBB0787E29B1881C03A3FCFB56
                                                                                                                                                                                                              SHA-512:F6219335B266C6D78628CA11B7A4C49FDF6C7F1261332B2B4A8ABAC49BE59CC5C6180CAA8CDDB32602C55F546C8CCA3EE7C41AB72859CB07FF9C5BE6E11720AA
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                              Entropy (8bit):1.1644059801621958
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:JSbX72FjXGtiAGiLIlHVRpLh/7777777777777777777777777vDHFoezj0l0i8Q:J9FQI5P2e1F
                                                                                                                                                                                                              MD5:18D68601FBB145D4B78613D951C3DD4B
                                                                                                                                                                                                              SHA1:3554CECEC2B8EDFFDA65214F8FB2E30CA16E0369
                                                                                                                                                                                                              SHA-256:95A1435FF03EB1BCCF282C4A0FD3C98517310087C5B5B2D04CBAFF537DD249B9
                                                                                                                                                                                                              SHA-512:BF424B1F097F8532EE91B2FEDD5F3328C69D1A4789D8AE791864F5B125302E2210D0A24BAC67362A623695221D27712A8A0C8FE7B09734990583C10EA6F65B26
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                              Entropy (8bit):1.1639980503074234
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:JSbX72FjTiAGiLIlHVRpLh/7777777777777777777777777vDHFULNC0l0i8Q:JQQI5Pap8F
                                                                                                                                                                                                              MD5:78DE45E7392A54614E92811908D81A27
                                                                                                                                                                                                              SHA1:24223C3DBDB3427D760E48B8D02134E71357DE74
                                                                                                                                                                                                              SHA-256:2EB85C5E9487222659921DE6D73C5094E704F7C96C8AC564E2426A2B182F122E
                                                                                                                                                                                                              SHA-512:C97574834E99E542B62C138F6109B91FA0A545F760221C40AAEACA2C831F30050B2C9E652F1938F24156662FD39C0CF700C50469C76FFB9402E9AA2B378162F0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):2.0061362320835836
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:MS Windows icon resource - 6 icons, 16x16, 16 colors, 16x16
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10134
                                                                                                                                                                                                              Entropy (8bit):4.2562024905008
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:MS Windows icon resource - 6 icons, 16x16, 16 colors, 16x16
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10134
                                                                                                                                                                                                              Entropy (8bit):4.2562024905008
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):432221
                                                                                                                                                                                                              Entropy (8bit):5.375184529996458
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                              Entropy (8bit):0.36376725740287763
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):2.0061362320835836
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.3063463592075726
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):2.0061362320835836
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:d11u/f8u7qZYiaAZD9sHQRw8u7qZYiaAZD:3s38u7qZYiaAZDeHQm8u7qZYiaAZD
                                                                                                                                                                                                              MD5:E9280A773879541ED91A0C84FE619340
                                                                                                                                                                                                              SHA1:B3B6C1ACE98803B4DB1FC16BED797AA57C3B4E87
                                                                                                                                                                                                              SHA-256:D153A61EA9016FF4470BEB3BE3A9CCA9FC4E39752338C56661F70BED524DF710
                                                                                                                                                                                                              SHA-512:CC96455155956017AA825418C91CB4452546CD16A599AE899534B663803F488F2552540B1A1AE2229913658C063FAB29C4FC11CFCBC7CB592E1DE161EEF14B51
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.3063463592075726
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:hNnyCWf8u7qZYiaAZD9sHQRw8u7qZYiaAZD:PyL8u7qZYiaAZDeHQm8u7qZYiaAZD
                                                                                                                                                                                                              MD5:3DE995A003D823925360304C41B8E834
                                                                                                                                                                                                              SHA1:FCE1CB5C6F2FE4B00834378276768479437109E6
                                                                                                                                                                                                              SHA-256:864D525E37FFEC15526A4FD3694A31CCF5D3D919CC37058CB4B6BC1CA5D1CBA0
                                                                                                                                                                                                              SHA-512:4B3384B918BB7AC8F672304194A72A1A9FC824D5B3572047A747A45CD18350C4C79301DA43209EA84916E7E052E26C1625D3BB13E8F4CD34A03FE9DE6D8A262C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):2.2618596421990733
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:isVuVUqjwM/MTAKaB7FauVUqjwM/MTAKaB7F:p
                                                                                                                                                                                                              MD5:9DD76764744E2FC7CBDF5B45A87DE54B
                                                                                                                                                                                                              SHA1:9728F9FA37F85C808A5F177242433315E080A053
                                                                                                                                                                                                              SHA-256:7BC966F36A86D821559D2D574EBF522513CAEEB955D2B4FCBC50D7429398396F
                                                                                                                                                                                                              SHA-512:D0F3CA5CDAED8CC63255D9C57DA0474D63E22B906B419AEA99ED28FE5A99248FED279B6CE5690F27615742D208505B6851C219EFB95C40894BDDFF442DBD5E23
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):0.07200658585211478
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO2mMvPLNIIVky6l0:2F0i8n0itFzDHFULNC0
                                                                                                                                                                                                              MD5:E058B0D2A8CA6F00251D4E5E3E8885A2
                                                                                                                                                                                                              SHA1:91E20D6F3E4A869C9CB2A0922DEBE96AE0BC5898
                                                                                                                                                                                                              SHA-256:15381DCAFC265F363139E36A6FA47012B993DBEC5B1195F401218C4AFC3994F0
                                                                                                                                                                                                              SHA-512:595E0F61F1D04D9256D140F0070B8A0AC0170DAB8A05757DFF068C509771232E547EBDFB37AF0076FE8D76B8905D2B9F1CBA886E3C8F923907F48E73E21625DC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77824
                                                                                                                                                                                                              Entropy (8bit):0.476814122179118
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:fuVUqjwM/MTAKaB7FIuVUqjwM/MTAKaB7F:
                                                                                                                                                                                                              MD5:F3F1E437095DF641C995A2CED9CE3740
                                                                                                                                                                                                              SHA1:6CBE80477BAF229FE8B8ADF44B8C5923265B1F8F
                                                                                                                                                                                                              SHA-256:54D5328DA5AF25DE8475EE142B6E2B7152FAC58B37609CB9428A5BAA0E9C2637
                                                                                                                                                                                                              SHA-512:5B9D97593855E21790E038D29BE512336120EF0DC7DCFA625E8E0B66E2307BBBFDCDB38FDD300CAD7B128E7B12734DBC2E1B9A94E149E371CEC8572479D19371
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.465958692603223
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:egWuVUqjwM/MTAKaB7FauVUqjwM/MTAKaB7F:l
                                                                                                                                                                                                              MD5:024EDEA9EE388821BD3107A08B2845A6
                                                                                                                                                                                                              SHA1:E950EEBF7EC4C6C0D156C401BD6FE2039A2EE2C5
                                                                                                                                                                                                              SHA-256:0A7EE6A3B7E07179BA9B2792009AB6F3713F89AD0FA33A8DEFAA311A5D12DEFF
                                                                                                                                                                                                              SHA-512:1E5D3889FDA947C2DB9AD939C78EFE5073603FF26609B0CBE98584003247F6A907BDAD19001F0C600672891EE00F440328E668F83828054DA53612ACADB4407C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):2.2618596421990733
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:isVuVUqjwM/MTAKaB7FauVUqjwM/MTAKaB7F:p
                                                                                                                                                                                                              MD5:9DD76764744E2FC7CBDF5B45A87DE54B
                                                                                                                                                                                                              SHA1:9728F9FA37F85C808A5F177242433315E080A053
                                                                                                                                                                                                              SHA-256:7BC966F36A86D821559D2D574EBF522513CAEEB955D2B4FCBC50D7429398396F
                                                                                                                                                                                                              SHA-512:D0F3CA5CDAED8CC63255D9C57DA0474D63E22B906B419AEA99ED28FE5A99248FED279B6CE5690F27615742D208505B6851C219EFB95C40894BDDFF442DBD5E23
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.465958692603223
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:egWuVUqjwM/MTAKaB7FauVUqjwM/MTAKaB7F:l
                                                                                                                                                                                                              MD5:024EDEA9EE388821BD3107A08B2845A6
                                                                                                                                                                                                              SHA1:E950EEBF7EC4C6C0D156C401BD6FE2039A2EE2C5
                                                                                                                                                                                                              SHA-256:0A7EE6A3B7E07179BA9B2792009AB6F3713F89AD0FA33A8DEFAA311A5D12DEFF
                                                                                                                                                                                                              SHA-512:1E5D3889FDA947C2DB9AD939C78EFE5073603FF26609B0CBE98584003247F6A907BDAD19001F0C600672891EE00F440328E668F83828054DA53612ACADB4407C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):0.0718558715573339
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO78c5zGGIVky6l0:2F0i8n0itFzDHFoezj0
                                                                                                                                                                                                              MD5:E9E7CE9DC56F17BF121CD917960A02FA
                                                                                                                                                                                                              SHA1:128EC8883A499168AB98ECCF04208C8E566866EF
                                                                                                                                                                                                              SHA-256:443C19F8EE3935AFA2DE265999DB1EC8B3FE2738977700AEDD67A072920C8A6A
                                                                                                                                                                                                              SHA-512:8C39046FAFF6D750DFEC031E5A7697CC59FD8736E1453F20ADD8A01818176378D29BA857B050F20CD953B116D5A34839AA9DA342B63EFC4A0580D5FEB90E4983
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.3063463592075726
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:hNnyCWf8u7qZYiaAZD9sHQRw8u7qZYiaAZD:PyL8u7qZYiaAZDeHQm8u7qZYiaAZD
                                                                                                                                                                                                              MD5:3DE995A003D823925360304C41B8E834
                                                                                                                                                                                                              SHA1:FCE1CB5C6F2FE4B00834378276768479437109E6
                                                                                                                                                                                                              SHA-256:864D525E37FFEC15526A4FD3694A31CCF5D3D919CC37058CB4B6BC1CA5D1CBA0
                                                                                                                                                                                                              SHA-512:4B3384B918BB7AC8F672304194A72A1A9FC824D5B3572047A747A45CD18350C4C79301DA43209EA84916E7E052E26C1625D3BB13E8F4CD34A03FE9DE6D8A262C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                              Entropy (8bit):1.465958692603223
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:egWuVUqjwM/MTAKaB7FauVUqjwM/MTAKaB7F:l
                                                                                                                                                                                                              MD5:024EDEA9EE388821BD3107A08B2845A6
                                                                                                                                                                                                              SHA1:E950EEBF7EC4C6C0D156C401BD6FE2039A2EE2C5
                                                                                                                                                                                                              SHA-256:0A7EE6A3B7E07179BA9B2792009AB6F3713F89AD0FA33A8DEFAA311A5D12DEFF
                                                                                                                                                                                                              SHA-512:1E5D3889FDA947C2DB9AD939C78EFE5073603FF26609B0CBE98584003247F6A907BDAD19001F0C600672891EE00F440328E668F83828054DA53612ACADB4407C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 130 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2505
                                                                                                                                                                                                              Entropy (8bit):7.595901850281693
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:LqQNn2qhSJ3dqamQagNDp1CJ6T5oE6OFd65lQvhTSE0Z59iZpnz:WY2nqtGCglZF4zmTe5Ezz
                                                                                                                                                                                                              MD5:B254739743874926F3F110BA7EB9C37F
                                                                                                                                                                                                              SHA1:A322076E4CE0300AC9D41C4C608ECB26908EEF8A
                                                                                                                                                                                                              SHA-256:274FEA98A067F69E204AEFC8FD252DCAEC7AEDCC1A841C83CF5E589EACE70D36
                                                                                                                                                                                                              SHA-512:912F400602D42CEA495CA1EFBE6932C13BC1DCC8B4F67AF544D254AD5BA778102238B19EF601651ABD18F584578526EC6418DF6625B1DB06B30346A4D4E601B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 12 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1240
                                                                                                                                                                                                              Entropy (8bit):6.43589865588804
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:Y1hnBWwh82lYSKwWnRvVVcT3JryJ3VeesA5Gkq5VjMLzO9Wxroz:W1kvnLHLy0J3sesA5WiLzOsxroz
                                                                                                                                                                                                              MD5:EA2C48BED74BB2EBDD5989FB057478E2
                                                                                                                                                                                                              SHA1:C3D6BA529488883F8ACBD67727ECB6812E2B8901
                                                                                                                                                                                                              SHA-256:44D6C86798E193A0A225D61B06F456283B227E55BE63CA2BD5D948D573659EDA
                                                                                                                                                                                                              SHA-512:F9CF16C6FF686D8747B3F48B00602CD3D1072C57B9B78CAA5CA4D27E8B9742E179D032F1217BB80E18FF32A2A3B13CBFE64912DBBB9A920E66F9E8E5844CC19F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 12 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):1240
                                                                                                                                                                                                              Entropy (8bit):6.43589865588804
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:Y1hnBWwh82lYSKwWnRvVVcT3JryJ3VeesA5Gkq5VjMLzO9Wxroz:W1kvnLHLy0J3sesA5WiLzOsxroz
                                                                                                                                                                                                              MD5:EA2C48BED74BB2EBDD5989FB057478E2
                                                                                                                                                                                                              SHA1:C3D6BA529488883F8ACBD67727ECB6812E2B8901
                                                                                                                                                                                                              SHA-256:44D6C86798E193A0A225D61B06F456283B227E55BE63CA2BD5D948D573659EDA
                                                                                                                                                                                                              SHA-512:F9CF16C6FF686D8747B3F48B00602CD3D1072C57B9B78CAA5CA4D27E8B9742E179D032F1217BB80E18FF32A2A3B13CBFE64912DBBB9A920E66F9E8E5844CC19F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://storage2.stgbssint.com/Search/SearchApplication/Resources/Images/Search/closeSprite.png
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 130 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):2505
                                                                                                                                                                                                              Entropy (8bit):7.595901850281693
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:LqQNn2qhSJ3dqamQagNDp1CJ6T5oE6OFd65lQvhTSE0Z59iZpnz:WY2nqtGCglZF4zmTe5Ezz
                                                                                                                                                                                                              MD5:B254739743874926F3F110BA7EB9C37F
                                                                                                                                                                                                              SHA1:A322076E4CE0300AC9D41C4C608ECB26908EEF8A
                                                                                                                                                                                                              SHA-256:274FEA98A067F69E204AEFC8FD252DCAEC7AEDCC1A841C83CF5E589EACE70D36
                                                                                                                                                                                                              SHA-512:912F400602D42CEA495CA1EFBE6932C13BC1DCC8B4F67AF544D254AD5BA778102238B19EF601651ABD18F584578526EC6418DF6625B1DB06B30346A4D4E601B2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://storage2.stgbssint.com/Search/SearchApplication/Resources/SpyGlass130x40.png
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                              Entropy (8bit):3.875
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:HKALn:qAL
                                                                                                                                                                                                              MD5:C6CB4F21C7DCEB18C48B802BDE96868D
                                                                                                                                                                                                              SHA1:D44E74B07ED4E8267728C2BCDD16599E9110D05B
                                                                                                                                                                                                              SHA-256:B77A3071A80FC28A1E314D251064103CF265866101F7CDCCCF00B77C80484BD5
                                                                                                                                                                                                              SHA-512:8C65A0458DD4A8B93AEEA70A0CA67DB43B6E1C0DAAB17B7091449335532F3F5489E5B8A1617B42B99EE95B66CD8EF3E572F537121C9960743E100FE560F4C0F0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmkr4Nqu8iHsRIFDT0fUzw=?alt=proto
                                                                                                                                                                                                              Preview:CgkKBw09H1M8GgA=
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1150
                                                                                                                                                                                                              Entropy (8bit):1.8680762865405123
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:RltpajwqRtl/lcLw5lXH1lI5WYlugl+yXkWn7WRljl3AXptdVeBaRs:RQjwkvlcLw5lXHvI5WI/MzjlMpteBaRs
                                                                                                                                                                                                              MD5:7209017BDEBB31C768CE2A9C5624FF4C
                                                                                                                                                                                                              SHA1:1E01ACC3A925B611B3EC010251712CCDBE033478
                                                                                                                                                                                                              SHA-256:1A07ECDD943CE77F701EAAD2D94510AB8C123FDD7124C1A44AA32F3E258222F0
                                                                                                                                                                                                              SHA-512:3A1BB0271F9B38EDEAFE9C14F0CF4EE937D54EB6E502B5D2B37B2218303ADA7340A21CAB3F053A13C77660F20A131AF497B483804CD645BC7BCD755F95E88636
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 343 x 105, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2767
                                                                                                                                                                                                              Entropy (8bit):7.583229396861441
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:QitvnLUk0J3qYiY0lRYTOdrrNvdX8XLBMrXwIOZHDl6gJDQ/zymP71:DHvYeHdFvp8CrXPOZZnJE22J
                                                                                                                                                                                                              MD5:64F85BA4F1509E24C28DDC9E07DE67D7
                                                                                                                                                                                                              SHA1:A5B98CFB838A57566F29262A121A411C606309D1
                                                                                                                                                                                                              SHA-256:B6E35960862B8A7C2A38D8EDC5A47C977D36DFF572BBF9C0EC6E66DC0927BB77
                                                                                                                                                                                                              SHA-512:72E5F7DC036A5BBDAE0A6FFAD8B6A8877FCAAEEB0D575C5AEDF03A04D260560E4DC17D59F159B85D3727FCB34F2479FCE1A75C0C6B90709EEDDBD11C3993016E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):1150
                                                                                                                                                                                                              Entropy (8bit):1.8680762865405123
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:RltpajwqRtl/lcLw5lXH1lI5WYlugl+yXkWn7WRljl3AXptdVeBaRs:RQjwkvlcLw5lXHvI5WI/MzjlMpteBaRs
                                                                                                                                                                                                              MD5:7209017BDEBB31C768CE2A9C5624FF4C
                                                                                                                                                                                                              SHA1:1E01ACC3A925B611B3EC010251712CCDBE033478
                                                                                                                                                                                                              SHA-256:1A07ECDD943CE77F701EAAD2D94510AB8C123FDD7124C1A44AA32F3E258222F0
                                                                                                                                                                                                              SHA-512:3A1BB0271F9B38EDEAFE9C14F0CF4EE937D54EB6E502B5D2B37B2218303ADA7340A21CAB3F053A13C77660F20A131AF497B483804CD645BC7BCD755F95E88636
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://www.sweetim.com/favicon.ico
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:PNG image data, 343 x 105, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):2767
                                                                                                                                                                                                              Entropy (8bit):7.583229396861441
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:QitvnLUk0J3qYiY0lRYTOdrrNvdX8XLBMrXwIOZHDl6gJDQ/zymP71:DHvYeHdFvp8CrXPOZZnJE22J
                                                                                                                                                                                                              MD5:64F85BA4F1509E24C28DDC9E07DE67D7
                                                                                                                                                                                                              SHA1:A5B98CFB838A57566F29262A121A411C606309D1
                                                                                                                                                                                                              SHA-256:B6E35960862B8A7C2A38D8EDC5A47C977D36DFF572BBF9C0EC6E66DC0927BB77
                                                                                                                                                                                                              SHA-512:72E5F7DC036A5BBDAE0A6FFAD8B6A8877FCAAEEB0D575C5AEDF03A04D260560E4DC17D59F159B85D3727FCB34F2479FCE1A75C0C6B90709EEDDBD11C3993016E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://se-p-static-content.seccint.com/search/images/homepage/button_bg.png
                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines (13154)
                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                              Size (bytes):68050
                                                                                                                                                                                                              Entropy (8bit):4.667702493663889
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:TkWbx6DXVeE0fGimaLbST1NFNGwVG99lFNoA:TkWPLY1bNGwVG99lz
                                                                                                                                                                                                              MD5:8A55941B84E4FB2086FABED7A8AFB490
                                                                                                                                                                                                              SHA1:5AC0014FED010BE36A894029B7D1A20E2EBFA8E3
                                                                                                                                                                                                              SHA-256:C68C474690B6A5B91F4A705B73F361407640FEE35E57729CB6E90325DCC821F8
                                                                                                                                                                                                              SHA-512:E06E3ACA929BDAC84914D0438A313428E55873B64327F8F858EB2746C5A71735A9FF23F7F5B4525DDB65F2BDE44698B5502B7B0DF0B224013B52EC29EE0B8317
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              URL:https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
                                                                                                                                                                                                              Preview:<head>. <title>Search</title>. <style xmlns="http://www.w3.org/1999/html">. html{height:100%;min-width:700px;position:relative}body{font-family:Arial;padding:0;margin:0;background-color:#ffffff}body a img{border:none;outline:none !important}body .header{background-color:#3f5362;height:28px;border-bottom:1px solid #222e36;border-top:1px solid #222e36;position:relative;white-space:nowrap;z-index:999;width:100%}body .header.rtl .side1{float:right}body .header.rtl .side1 .categories_wrapper .header-item{float:right}body .header.rtl .side1 .categories_wrapper li #liMenu_wrapper #liMenu_inner_wrapper #liMore .dropdown-item-wrapper .dropdown-item{padding-left:26px;padding-right:8px}body .header.rtl .side1 .categories_wrapper li .header-item-btn.open{padding-left:6px;padding-right:13px}body .header.rtl .side2{float:left}body .header.rtl .side2 #bing_element_wrapper{left:15px}body .header .categories_wrapper{display:inline;list-style:none;margin:0;-webkit-margin-after:0em;-webkit-m
                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                              Entropy (8bit):7.998107654907973
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.39%
                                                                                                                                                                                                              • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                                                                                              • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                              File name:BundleSweetIMSetup.exe
                                                                                                                                                                                                              File size:4'666'160 bytes
                                                                                                                                                                                                              MD5:bcc96659d6a46536dbde959fb9d60f67
                                                                                                                                                                                                              SHA1:eb2352a46bf4d0112346814b406f2af3484cb93f
                                                                                                                                                                                                              SHA256:beb0423b1afe047964ad168060a8fd92c550814f6797b937ee0092004640aa18
                                                                                                                                                                                                              SHA512:b032b75347af699cc84a3342f70ebf8e528efe20a570e48310db084dc0f299169ff14cf32c7cc1da64648a85befef2e0e77f476df33e14cfa632e874c3c9c6c3
                                                                                                                                                                                                              SSDEEP:98304:SHuKO2Hse93G1fVqQkYc/EL+s72wJO2MzvK26/LOgIM:SHu92HvW1tq1kpSwc2KCjb
                                                                                                                                                                                                              TLSH:F926338051208E56C7697CBE722FF3F177181866FDAAD7E23A998E4F754D2F11E28104
                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._...1...1...1..t_...1.3.....1.......1.....,.1.......1..t\...1.......1..tJ...1...0...1.......1.......1.......1.Rich..1........
                                                                                                                                                                                                              Icon Hash:0f31b0696d31238f
                                                                                                                                                                                                              Entrypoint:0xc265c0
                                                                                                                                                                                                              Entrypoint Section:UPX1
                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x4D9C5D2D [Wed Apr 6 12:31:41 2011 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                              Import Hash:8c28e421a54474fdf86d6c8ffec809c3
                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                              Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                              Error Number:0
Not Before:10/01/2011 00:00:00
Not After:04/02/2014 23:59:59
                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                              • CN=SweetIM Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SweetIM Technologies Ltd, L=Ra'anana, S=Israel, C=IL
                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                              Thumbprint MD5:A36613788258E5245F39EF4CFB2872A1
                                                                                                                                                                                                              Thumbprint SHA-1:D279C09CD09A2FCAA6009E3896737D7698DC0335
                                                                                                                                                                                                              Thumbprint SHA-256:4FBF81E4F024AC92EEA227FDF32D2ABD2286CCF36ABF7D4C239A9DD5A062E159
                                                                                                                                                                                                              Serial:5E3BF2B52DA9EA7F1B539A7F018F4EC6
                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              pushad
                                                                                                                                                                                                              mov esi, 007C2000h
                                                                                                                                                                                                              lea edi, dword ptr [esi-003C1000h]
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                              lea ebx, dword ptr [esp-00003E80h]
                                                                                                                                                                                                              xor eax, eax
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              cmp esp, ebx
                                                                                                                                                                                                              jne 00007F00D0FCDF0Dh
                                                                                                                                                                                                              inc esi
                                                                                                                                                                                                              inc esi
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push 0082422Eh
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              add ebx, 04h
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push 004645B5h
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              add ebx, 04h
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              mov dword ptr [ebx], 00000003h
                                                                                                                                                                                                              nop
                                                                                                                                                                                                              nop
                                                                                                                                                                                                              nop
                                                                                                                                                                                                              nop
                                                                                                                                                                                                              nop
                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              sub esp, 7Ch
                                                                                                                                                                                                              mov edx, dword ptr [esp+00000090h]
                                                                                                                                                                                                              mov dword ptr [esp+74h], 00000000h
                                                                                                                                                                                                              mov byte ptr [esp+73h], 00000000h
                                                                                                                                                                                                              mov ebp, dword ptr [esp+0000009Ch]
                                                                                                                                                                                                              lea eax, dword ptr [edx+04h]
                                                                                                                                                                                                              mov dword ptr [esp+78h], eax
                                                                                                                                                                                                              mov eax, 00000001h
                                                                                                                                                                                                              movzx ecx, byte ptr [edx+02h]
                                                                                                                                                                                                              mov ebx, eax
                                                                                                                                                                                                              shl ebx, cl
                                                                                                                                                                                                              mov ecx, ebx
                                                                                                                                                                                                              dec ecx
                                                                                                                                                                                                              mov dword ptr [esp+6Ch], ecx
                                                                                                                                                                                                              movzx ecx, byte ptr [edx+01h]
                                                                                                                                                                                                              shl eax, cl
                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                              mov dword ptr [esp+68h], eax
                                                                                                                                                                                                              mov eax, dword ptr [esp+000000A8h]
                                                                                                                                                                                                              movzx esi, byte ptr [edx]
                                                                                                                                                                                                              mov dword ptr [ebp+00h], 00000000h
                                                                                                                                                                                                              mov dword ptr [esp+60h], 00000000h
                                                                                                                                                                                                              mov dword ptr [eax], 00000000h
                                                                                                                                                                                                              mov eax, 00000300h
                                                                                                                                                                                                              mov dword ptr [esp+64h], esi
                                                                                                                                                                                                              mov dword ptr [esp+5Ch], 00000001h
                                                                                                                                                                                                              mov dword ptr [esp+58h], 00000001h
                                                                                                                                                                                                              mov dword ptr [esp+54h], 00000001h
                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                              • [C++] VS2005 build 50727
                                                                                                                                                                                                              • [ASM] VS2008 SP1 build 30729
                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                              • [C++] VS2008 build 21022
                                                                                                                                                                                                              • [ C ] VS2005 build 50727
                                                                                                                                                                                                              • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                                              • [IMP] VS2005 build 50727
                                                                                                                                                                                                              • [RES] VS2008 build 21022
                                                                                                                                                                                                              • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8338a0 | 0x31c | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x828000 | 0xb8a0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x471200 | 0x2130 | UPX1
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x833bbc | 0xc | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x827180 | 0x48 | UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x57684 | 0x40 | UPX0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x3c1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x3c2000 | 0x466000 | 0x465200 | 0b5ebe77023515e87092b5c86594bc00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x828000 | 0xc000 | 0xbc00 | 8c27cc8edbe103469e16604a123fa79e | False | 0.5828000332446809 | data | 6.057834848241296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
MY_CUSTOM | 0x5f5c4 | 0x12b67 | empty | English | United States | 0
MY_CUSTOM | 0x7212c | 0x10a4 | empty | English | United States | 0
MY_CUSTOM | 0x731d0 | 0xe45 | empty | English | United States | 0
MY_CUSTOM | 0x74018 | 0x2e1e | empty | English | United States | 0
MY_CUSTOM | 0x76e38 | 0xb110 | empty | English | United States | 0
MY_CUSTOM | 0x81f48 | 0x50f4 | empty | English | United States | 0
MY_CUSTOM | 0x8703c | 0x3c0db0 | empty | | | 0
MY_CUSTOM | 0x447dec | 0x340bc0 | data | | | 1.0003108978271484
MY_CUSTOM | 0x7889ac | 0x84554 | data | English | United States | 1.0003247016803312
RT_ICON | 0x8285c8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.33963414634146344
RT_ICON | 0x828c34 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.4475806451612903
RT_ICON | 0x828f20 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.6047297297297297
RT_ICON | 0x82904c | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.31769722814498935
RT_ICON | 0x829ef8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.35875451263537905
RT_ICON | 0x82a7a4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3338150289017341
                                                                                                                                                                                                              RT_ICON0x82ad100x48fcPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9933633055020338
                                                                                                                                                                                                              RT_ICON0x82f6100x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.2270746887966805
                                                                                                                                                                                                              RT_ICON0x831bbc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.31848030018761725
                                                                                                                                                                                                              RT_ICON0x832c680x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.5292553191489362
                                                                                                                                                                                                              RT_DIALOG0x8179e40x3eedataEnglishUnited States1.010934393638171
                                                                                                                                                                                                              RT_DIALOG0x817dd40x28cdataEnglishUnited States1.0168711656441718
                                                                                                                                                                                                              RT_DIALOG0x8180600x1f4dataEnglishUnited States1.022
                                                                                                                                                                                                              RT_DIALOG0x8182540x1c6dataEnglishUnited States1.024229074889868
                                                                                                                                                                                                              RT_DIALOG0x81841c0x164dataEnglishUnited States1.0308988764044944
                                                                                                                                                                                                              RT_GROUP_ICON0x8330d40x92dataEnglishUnited States0.6438356164383562
                                                                                                                                                                                                              RT_VERSION0x83316c0x424dataEnglishUnited States0.4518867924528302
                                                                                                                                                                                                              RT_MANIFEST0x8335940x30bASCII text, with CRLF line terminatorsEnglishUnited States0.4595635430038511
DLL | Import
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll | FreeSid
COMCTL32.dll | InitCommonControlsEx
GDI32.dll | BitBlt
ole32.dll | CoInitialize
OLEAUT32.dll | SysAllocStringLen
RPCRT4.dll | UuidFromStringW
SHELL32.dll |
SHLWAPI.dll | UrlGetPartW
urlmon.dll | ObtainUserAgentString
USER32.dll | GetDC
VERSION.dll | VerQueryValueW
WININET.dll | InternetOpenW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206434011 CEST4434974113.249.98.125192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206444979 CEST4434974113.249.98.125192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206492901 CEST4434974113.249.98.125192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206515074 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206528902 CEST4434974113.249.98.125192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206578016 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.206578016 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.224195957 CEST4434974113.249.98.125192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.224438906 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.228503942 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.228610039 CEST49741443192.168.2.413.249.98.125
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.784734011 CEST4974580192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.786443949 CEST4974680192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.787199020 CEST4974780192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.909117937 CEST8049745108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.909208059 CEST4974580192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.909565926 CEST4974580192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.911716938 CEST8049746108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.911808014 CEST4974680192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.912014008 CEST8049747108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:58.912069082 CEST4974780192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.033878088 CEST8049745108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.033917904 CEST8049745108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.078715086 CEST4974580192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.166934967 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.166980028 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.167047024 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.167289019 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.167305946 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.424720049 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.425251007 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.425271034 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.426312923 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.426376104 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.427710056 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.427771091 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.428051949 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.428061962 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.471776962 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.738498926 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.750005007 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.750053883 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.750114918 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.750302076 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.750318050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756011009 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756026983 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756068945 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756082058 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756093979 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.756117105 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.765768051 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.765964031 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.765980005 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.776773930 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.776842117 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.776849985 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.780252934 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.780337095 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.780344009 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.783726931 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.783812046 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.783817053 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.787386894 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.787446022 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.787455082 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.827982903 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.863394022 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.863449097 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.863455057 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.868566990 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.868647099 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.868654013 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.869263887 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.875586987 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.875684977 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.883367062 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.883428097 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.885936022 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.886007071 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.886015892 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905186892 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905231953 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905263901 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905271053 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905291080 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905301094 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905453920 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905462980 CEST44349748108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:42:59.905473948 CEST49748443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.062257051 CEST49753443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.062290907 CEST4434975313.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.062355995 CEST49753443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.062536955 CEST49753443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.062547922 CEST4434975313.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.122178078 CEST49754443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.122263908 CEST4434975413.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.122359991 CEST49754443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.122606039 CEST49754443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.122654915 CEST4434975413.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.143595934 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.880579948 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.880584955 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.891805887 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.891885996 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.891891956 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.903243065 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.903342009 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.903347969 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.908417940 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.908474922 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.908549070 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.908729076 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.908741951 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.914457083 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.914514065 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.914520979 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.921030998 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.921098948 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.921104908 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.931129932 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.931178093 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.931217909 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.931224108 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.931263924 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.937541962 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.943895102 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.943931103 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.943948984 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.943955898 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.943989992 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.950644016 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.956861019 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.956899881 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.956914902 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.956921101 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.956959009 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.963143110 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.969839096 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.969877005 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.969926119 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.969932079 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.969971895 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.970634937 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.970664978 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.970789909 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.971055984 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.971066952 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.976175070 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.982208014 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.982244968 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.982270002 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.982275963 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.982316971 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.988461971 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.994858027 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.994914055 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.994914055 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.994940042 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:00.995161057 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.001418114 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.007457972 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.007518053 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.007524014 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.010643959 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.010777950 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.010782957 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.017138958 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.017205000 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.017211914 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.023544073 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.023736000 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.023742914 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.029676914 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.029779911 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.029786110 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.036067963 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.036118031 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.036123037 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.042493105 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.042557955 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.042568922 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.049022913 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.049083948 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.049089909 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.054924011 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.055062056 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.055067062 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.060597897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.060662031 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.060667038 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.066529989 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.066663027 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.066668034 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.069957018 CEST4434975513.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.070184946 CEST49755443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.070204973 CEST4434975513.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.070559978 CEST4434975513.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.070939064 CEST49755443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.071002007 CEST4434975513.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.071146965 CEST49755443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.072582960 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.221371889 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.221440077 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.221447945 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.224746943 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.224955082 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.224962950 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225591898 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225653887 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225658894 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225668907 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225702047 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.225981951 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.226058006 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.226349115 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.226411104 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.226532936 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.226537943 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.228440046 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.231045008 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.231082916 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.231131077 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.231136084 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.231175900 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.233755112 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.236448050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.236489058 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.236505032 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.236520052 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.236577988 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.239113092 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.241714001 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.241755009 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.241775990 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.241795063 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.241950035 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.244280100 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.246804953 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.246843100 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.246891975 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.246900082 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.247287035 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.249316931 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.251885891 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.251919031 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.251965046 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.251971960 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.252017021 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.254460096 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.257002115 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.257052898 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.257061005 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.258208990 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.258270025 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.258275032 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.260715008 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.260771036 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.260778904 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.263118982 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.263180971 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.263189077 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.265599012 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.265674114 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.265681028 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.268120050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.268171072 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.268177986 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.270453930 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.270502090 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.270509005 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.272931099 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.273128986 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.273134947 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.275304079 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.275409937 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.275415897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.277597904 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.277663946 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.277669907 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.279388905 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.280025005 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.280143023 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.280149937 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.282349110 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.282468081 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.282474995 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.284713030 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.284769058 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.284776926 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.288258076 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.288301945 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.288305044 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.288312912 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.288352013 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.290558100 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.292903900 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.292932987 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.292948961 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.292958021 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.293004990 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.295553923 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.297513962 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.381736040 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.383455038 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.383498907 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.383506060 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.385071039 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.385184050 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.385195971 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.386715889 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.386795044 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.386806965 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.388439894 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.388499022 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.388504982 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.390028954 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.390073061 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.390083075 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.390999079 CEST44349756108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.391145945 CEST44349756108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.391197920 CEST49756443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.391628981 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.391669989 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.391679049 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.393110991 CEST49756443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.393158913 CEST44349756108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.393258095 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.393310070 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.393317938 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.394867897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.394911051 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.394918919 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.396589041 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.396642923 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.396650076 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.398111105 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.398154974 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.398161888 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.399689913 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.399735928 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.399744034 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.401171923 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.401210070 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.401220083 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.402874947 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.402925014 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.402935028 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.404361963 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.404423952 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.404436111 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.405930996 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.405980110 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.405987978 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.407440901 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.407493114 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.407504082 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.408902884 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.409024000 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.409033060 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.410470009 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.410514116 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.410522938 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.411866903 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.411978960 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.411986113 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.413348913 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.413392067 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.413400888 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.414773941 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.414865017 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.414879084 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.416342974 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.416399002 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.416423082 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.417644024 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.417753935 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.417761087 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.419116020 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.419184923 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.419190884 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.420695066 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.420763016 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.420768976 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.422112942 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.422219038 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.422230959 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.423388004 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.423469067 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.423475981 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.426073074 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.426100969 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.426122904 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.426127911 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.426167011 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.427442074 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.428803921 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.428849936 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.428855896 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.430227041 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.430260897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.430278063 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.430285931 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.430324078 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.484311104 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.484328032 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.485265017 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.486320019 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.486381054 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.486407042 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.486444950 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.486452103 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.487333059 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.488199949 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.488214016 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.488348961 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.488552094 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.488559961 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.489584923 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.490416050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.490453959 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.490478992 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.490494013 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.490516901 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.491493940 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.492150068 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.492163897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.492455959 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.492800951 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.492811918 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.493535042 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.494540930 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.494586945 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.494601011 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.494640112 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.494645119 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.496438980 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.496495962 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.496514082 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.496555090 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.497505903 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.497558117 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.497562885 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.497580051 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.497601032 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.498541117 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.499516964 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.499564886 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.499574900 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.499586105 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.499614954 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.500632048 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.500688076 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.500699997 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.501863003 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.502480984 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.502521992 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.502537966 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.502549887 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.503536940 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.503566027 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.503592014 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.503597975 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.504638910 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.504713058 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.504720926 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.505584955 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.506460905 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.506506920 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.506521940 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.506556988 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.506680965 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.507477999 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.507528067 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.507539988 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.508443117 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.508959055 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.508972883 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.509427071 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.509579897 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.509592056 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.510360003 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.510423899 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.510437012 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.511301994 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.511383057 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.511392117 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.512423038 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.512478113 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.512490988 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.513320923 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.514286995 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.514353037 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.514373064 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.514413118 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.514425993 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.515218973 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.515371084 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.515391111 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.516064882 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.516130924 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.516140938 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.517509937 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.517560005 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.517566919 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.554294109 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.554339886 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555258036 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555285931 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555335999 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555335045 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555363894 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555459023 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555501938 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555929899 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555970907 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.555980921 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.556001902 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.556515932 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.556675911 CEST49758443192.168.2.413.249.98.124
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.556701899 CEST4434975813.249.98.124192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.556773901 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.557583094 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.557643890 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.557643890 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.557672024 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.557713985 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.558423042 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.559174061 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.559216022 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.559264898 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.559286118 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.559330940 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.560147047 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.560904980 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.560947895 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.560969114 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.560992002 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.561043024 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.561619043 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.562129021 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.562829971 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.562851906 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.562988997 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.563066006 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.563075066 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.563843966 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.563898087 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.563916922 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.564543962 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.564589977 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.564609051 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.565395117 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.565443039 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.565462112 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.566241026 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.566304922 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.566323996 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.566973925 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.567063093 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.567080021 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.567867994 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.568077087 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.568097115 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.568541050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.568602085 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.568608999 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.569386959 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.569444895 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.569452047 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.570195913 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.570256948 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.570266962 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.570931911 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.571275949 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.571294069 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.571727991 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.571774006 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.571789980 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.572467089 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.572520971 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.572540045 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.573254108 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.573925972 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.573997974 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.574001074 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.574023008 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.574070930 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.574754000 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.575300932 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.575321913 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.575556040 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.575606108 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.575617075 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.576364040 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.576414108 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.576431990 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.576992989 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577023983 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577086926 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577130079 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577146053 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577152967 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.577950001 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.578011036 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.578028917 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.608625889 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609159946 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609213114 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609219074 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609868050 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609929085 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.609936953 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.610594988 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.610641956 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.610650063 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.611243963 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.611495972 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.611505032 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.611974955 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612422943 CEST49759443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612446070 CEST4434975913.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612456083 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612462044 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612643957 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612848043 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.612854958 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.613270044 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.613338947 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.613346100 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614450932 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614527941 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614535093 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614913940 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614970922 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.614978075 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.615338087 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.615405083 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.615411043 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616081953 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616132975 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616139889 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616760969 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616898060 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.616904020 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.617387056 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.617434978 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.617441893 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618257046 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618318081 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618324041 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618339062 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618824959 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.618961096 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.619671106 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.619726896 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.619734049 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.620304108 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.620368004 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.620374918 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.620975018 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.621018887 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.621069908 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.621078014 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.621118069 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.621568918 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622262001 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622332096 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622356892 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622364044 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622402906 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.622968912 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.623605967 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.623655081 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.623738050 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.623744011 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.623789072 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.624258995 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.624938011 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625057936 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625109911 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625117064 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625169039 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625600100 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625828028 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625885010 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.625891924 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.626920938 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627046108 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627053022 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627756119 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627804041 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627826929 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627834082 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.627871037 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.628521919 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.628694057 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.628739119 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.628746033 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.629589081 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.629777908 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.629832983 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.629839897 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.629879951 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.630422115 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.631283998 CEST44349751192.178.50.65192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.631333113 CEST49751443192.168.2.4192.178.50.65
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.841375113 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.841437101 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.841578960 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.852121115 CEST4434976113.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.858025074 CEST49761443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.888109922 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.889343023 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.889348030 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.905064106 CEST4972580192.168.2.4152.195.50.149
                                                                                                                                                                                                              Apr 26, 2024 07:43:01.936134100 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.029628038 CEST8049725152.195.50.149192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.029670000 CEST4972580192.168.2.4152.195.50.149
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.114321947 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.114398956 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.114528894 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.115309000 CEST49763443192.168.2.4108.157.173.24
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.115322113 CEST44349763108.157.173.24192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.126967907 CEST4434976113.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.127051115 CEST4434976113.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.127111912 CEST49761443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.128357887 CEST49761443192.168.2.413.249.98.78
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.128374100 CEST4434976113.249.98.78192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.909354925 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.909385920 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.909446001 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.909723997 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:02.909740925 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.300012112 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.300256014 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.300270081 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.302848101 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.302934885 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.303956032 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.304017067 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.357105970 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.357120037 CEST44349766142.250.217.228192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.407660007 CEST49766443192.168.2.4142.250.217.228
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.823983908 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.824022055 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.824110985 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.825445890 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:03.825460911 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.084922075 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.085009098 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.086672068 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.086682081 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.086914062 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.136487007 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.180115938 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.329117060 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.329242945 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.329313040 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.358992100 CEST49767443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.359078884 CEST4434976723.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.396763086 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.396794081 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.397043943 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.397245884 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.397254944 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.518891096 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.518929958 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.518981934 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.519190073 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.519211054 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.658211946 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.658322096 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.659446001 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.659451962 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.659691095 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.660876036 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.708112955 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.906352043 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.906428099 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.906537056 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.910423040 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.914170027 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.914194107 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915497065 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915572882 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915915012 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915950060 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915981054 CEST49768443192.168.2.423.193.120.112
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.915986061 CEST4434976823.193.120.112192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.918171883 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.918230057 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.919111967 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.919213057 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.919254065 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.964138031 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.966242075 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:04.966254950 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.013117075 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.555392027 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.555421114 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.555484056 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.555514097 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.562621117 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.562695026 CEST49770443192.168.2.4192.178.50.46
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.562702894 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.575442076 CEST44349770192.178.50.46192.168.2.4
                                                                                                                                                                                                              Apr 26, 2024 07:43:05.575542927 CEST49770443192.168.2.4192.178.50.46
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 26, 2024 07:43:01.036386967 CEST | 192.168.2.4 | 1.1.1.1 | c268 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 13.249.98.125 | 80 | 6936 | C:\Users\user\Desktop\BundleSweetIMSetup.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 07:42:20.926795006 CEST | 403 | OUT | GET /bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.sweetim.com
Apr 26, 2024 07:42:21.051527023 CEST | 762 | IN | HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 26 Apr 2024 05:42:20 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;;
X-Cache: Redirect from cloudfront
Via: 1.1 9fe397b69d772fbd7341985885a78974.cloudfront.net (CloudFront)
                                                                                                                                                                                                              X-Amz-Cf-Pop: MIA3-P5
                                                                                                                                                                                                              X-Amz-Cf-Id: pCnEGTs6l-aQvgYysSFcDKyiH-Y2wcoiM8QPXiEKMrflTXMq5EWWUA==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>

Timestamp: Apr 26, 2024 07:42:57.302691936 CEST
Bytes transferred: 495
Direction: OUT
Data:
GET /bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.sweetim.com
Cookie: UserId=C0736790-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A21.577Z

Timestamp: Apr 26, 2024 07:42:57.427485943 CEST
Bytes transferred: 762
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 26 Apr 2024 05:42:57 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://content.sweetim.com/bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;;
X-Cache: Redirect from cloudfront
Via: 1.1 9fe397b69d772fbd7341985885a78974.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: uxunMBC88zu5oqTa1MNJCYfauOYP5eGVSwGRCs_ErJw43Qb9-52K_A==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49745
Destination IP: 108.157.173.24
Destination Port: 80
PID: 4020
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: Apr 26, 2024 07:42:58.909565926 CEST
Bytes transferred: 489
Direction: OUT
Data:
GET /installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} HTTP/1.1
Host: www.sweetim.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Timestamp: Apr 26, 2024 07:42:59.033917904 CEST
Bytes transferred: 623
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 26 Apr 2024 05:42:58 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
X-Cache: Redirect from cloudfront
Via: 1.1 942d82cfe2f7cdc64ac3357fc7b8dc1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P3
X-Amz-Cf-Id: kJEj70J8h8u0lDjrXLWAuA6GUjEFVUFA-JVyQ3aTX1ur9O9hTeSRuw==
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>

Timestamp: Apr 26, 2024 07:43:44.045523882 CEST
Bytes transferred: 6
Direction: OUT
Data Raw: 00
Data Ascii:


Session ID: 0
Source IP: 192.168.2.4
Source Port: 49734
Destination IP: 13.249.98.125
Destination Port: 443
PID: 6936
Process: C:\Users\user\Desktop\BundleSweetIMSetup.exe

Timestamp: 2024-04-26 05:42:21 UTC
Bytes transferred: 427
Direction: OUT
Data:
GET /bi/track.gif?prodid=1&compid=35&actid=100&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.sweetim.com
Connection: Keep-Alive

Timestamp: 2024-04-26 05:42:21 UTC
Bytes transferred: 1051
Direction: IN
Data:
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 68050
Connection: close
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Content-DPR, Device-Memory, DPR, Viewport-Width, Width, Downlink, ECT, RTT, Save-Data
access-control-allow-origin: *
date: Fri, 26 Apr 2024 05:42:21 GMT
etag: W/"109d2-WsABT+0BC+NqiUApt9GiDi6/qOM"
server: istio-envoy
set-cookie: UserId=C0736790-038F-11EF-AAC5-BF869E32CC1E; Domain=content.sweetim.com; Path=/; Expires=Mon, 24 Apr 2034 05:42:21 GMT
set-cookie: UserData=2024-04-26T05%3A42%3A21.577Z; Domain=content.sweetim.com; Path=/; Expires=Mon, 24 Apr 2034 05:42:21 GMT
vary: Accept-Encoding
x-envoy-upstream-service-time: 11
x-powered-by: Express
X-Cache: Miss from cloudfront
Via: 1.1 aab97f44d1fd9aa4917e5ee232773a52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: TVB7GDSEnwic7M4fVeoGVRCKJDemO0AWFIGyi1j-Ynp-XXIm_me0EQ==

Timestamp: 2024-04-26 05:42:21 UTC
Bytes transferred: 1996
Direction: IN
Data Ascii: <head> <title>Search</title> <style xmlns="http://www.w3.org/1999/html"> html{height:100%;min-width:700px;position:relative}body{font-family:Arial;padding:0;margin:0;background-color:#ffffff}body a img{border:none;outline:none !important}b


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49735
Destination IP: 13.85.23.86
Destination Port: 443

Timestamp: 2024-04-26 05:42:37 UTC
Bytes transferred: 306
Direction: OUT
Data:
GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6NvAnKL1OPtr5PT&MD=RuvlYw+b HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com

Timestamp: 2024-04-26 05:42:37 UTC
Bytes transferred: 560
Direction: IN
Data:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: ad30a467-ffac-4be6-88d2-377dff0593dc
MS-RequestId: 36436bca-f33f-4c34-9579-a5e24999e211
MS-CV: 9+1IPDWGo0uhTJxG.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Fri, 26 Apr 2024 05:42:36 GMT
Connection: close
Content-Length: 24490

Timestamp: 2024-04-26 05:42:37 UTC
Bytes transferred: 15824
Direction: IN

Timestamp: 2024-04-26 05:42:37 UTC
Bytes transferred: 8666
Direction: IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 13.249.98.125 | 443 | 6936 | C:\Users\user\Desktop\BundleSweetIMSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:42:57 UTC | 519 | OUT | GET /bi/track.gif?prodid=1&compid=35&actid=102&cargo=WV:6.2;SC:0;SSN:145695948050;C_FILEVER:1.3.0.3;C_BUILDTIME:1302091979;C_REPORT:;B_IMVER:3.6.0002;B_IEVER:4.2.0004;B_BUILDTIME:1318168523;B_INFO:;; HTTP/1.1
                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                              Host: content.sweetim.com
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Cookie: UserId=C0736790-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A21.577Z
2024-04-26 05:42:58 UTC | 793 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Content-Length: 68050
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Content-DPR, Device-Memory, DPR, Viewport-Width, Width, Downlink, ECT, RTT, Save-Data
                                                                                                                                                                                                              access-control-allow-origin: *
                                                                                                                                                                                                              date: Fri, 26 Apr 2024 05:42:58 GMT
                                                                                                                                                                                                              etag: W/"109d2-WsABT+0BC+NqiUApt9GiDi6/qOM"
                                                                                                                                                                                                              server: istio-envoy
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              x-envoy-upstream-service-time: 23
                                                                                                                                                                                                              x-powered-by: Express
                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                              Via: 1.1 456dd60f1399d8458ed20abe4eae33a0.cloudfront.net (CloudFront)
                                                                                                                                                                                                              X-Amz-Cf-Pop: MIA3-P5
                                                                                                                                                                                                              X-Amz-Cf-Id: 0hZf8gXX7Ts7DHISC5X-baGpwwI7t-G3C6-kylVIYL16ZoeAFaMIDQ==
2024-04-26 05:42:58 UTC | 3682 | IN | Data Ascii: <head> <title>Search</title> <style xmlns="http://www.w3.org/1999/html"> html{height:100%;min-width:700px;position:relative}body{font-family:Arial;padding:0;margin:0;background-color:#ffffff}body a img{border:none;outline:none !important}b
2024-04-26 05:42:58 UTC | 8568 | IN | Data Ascii: en .a{margin-left:0}body .header .categories_wrapper.selected{color:#fff;display:block;line-height:28px;padding:0 7px;background:#0886d7;font-weight:bold}body .header #bing_element_wrapper{position:absolute;right:15px;top:0;color:#ccc;font-size:13px;font-
2024-04-26 05:42:58 UTC | 1428 | IN | Data Ascii: color:#8259ab;font-weight:bold}.suggest-item-wrapper .history-item-x-btn{float:right;display:none}.suggest-item-wrapper .history-item-x-btn:hover{cursor:pointer}.suggest-item-wrapper .history-item-x-btn-selected{float:right;cursor:pointer}#suggestListWrap
2024-04-26 05:42:58 UTC | 5712 | IN | Data Ascii: // simple data type if (t == "string") obj = '"' + obj + '"'; return String(obj); } else { // recurse array or object var n, v, json = [], arr = (obj && obj.cons


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49748 | 108.157.173.24 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:42:59 UTC | 717 | OUT | GET /installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588} HTTP/1.1
                                                                                                                                                                                                              Host: www.sweetim.com
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                                                                              Sec-Fetch-User: ?1
                                                                                                                                                                                                              Sec-Fetch-Dest: document
                                                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-04-26 05:42:59 UTC | 1042 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                              Content-Length: 68050
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Content-DPR, Device-Memory, DPR, Viewport-Width, Width, Downlink, ECT, RTT, Save-Data
                                                                                                                                                                                                              access-control-allow-origin: *
                                                                                                                                                                                                              date: Fri, 26 Apr 2024 05:42:59 GMT
                                                                                                                                                                                                              etag: W/"109d2-WsABT+0BC+NqiUApt9GiDi6/qOM"
                                                                                                                                                                                                              server: istio-envoy
                                                                                                                                                                                                              set-cookie: UserId=D725A570-038F-11EF-AAC5-BF869E32CC1E; Domain=www.sweetim.com; Path=/; Expires=Mon, 24 Apr 2034 05:42:59 GMT
                                                                                                                                                                                                              set-cookie: UserData=2024-04-26T05%3A42%3A59.655Z; Domain=www.sweetim.com; Path=/; Expires=Mon, 24 Apr 2034 05:42:59 GMT
                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                              x-envoy-upstream-service-time: 9
                                                                                                                                                                                                              x-powered-by: Express
                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                              Via: 1.1 50fb19eda678e6a896981a444fb09aa6.cloudfront.net (CloudFront)
                                                                                                                                                                                                              X-Amz-Cf-Pop: MIA3-P3
                                                                                                                                                                                                              X-Amz-Cf-Id: 4SRws1HQnzseCiaz3bvepZ1NBILLJBfqhaV5Ur7FcGGUECcbr3VdCw==
2024-04-26 05:42:59 UTC | 577 | IN | Data Ascii: <head> <title>Search</title> <style xmlns="http://www.w3.org/1999/html"> html{height:100%;min-width:700px;position:relative}body{font-family:Arial;padding:0;margin:0;background-color:#ffffff}body a img{border:none;outline:none !important}b
2024-04-26 05:42:59 UTC | 12852 | IN | Data Ascii: #liMenu_wrapper #liMenu_inner_wrapper #liMore .dropdown-item-wrapper .dropdown-item{padding-left:26px;padding-right:8px}body .header.rtl .side1 .categories_wrapper li .header-item-btn.open{padding-left:6px;padding-right:13px}body .header.rtl .side2{float:
2024-04-26 05:42:59 UTC | 2856 | IN | Data Ascii: /g, ''); } } var JSON = JSON || {};// implement JSON.stringify serialization JSON.stringify = JSON.stringify || function (obj) { var t = typeof (obj); if (t != "object" || obj === null) { //
2024-04-26 05:42:59 UTC | 8568 | IN | Data Ascii: 0].toLowerCase() === param.toLowerCase()) { val = pair[1]; break; } } return val; }, UpdateUrl: function (key, newval, addIfNotExist) { var param =
2024-04-26 05:42:59 UTC | 2856 | IN | Data Ascii: moveHistoryFromSuggest(); } indexSuggestList(); } function removeHistoryFromSuggest() { suggestWrapper.innerHTML = ""; } function updateHistoryCookie() { var his = {
2024-04-26 05:42:59 UTC | 2856 | IN | Data Ascii: toryItems() { return getHistoryItemsFromCookie(); } function onClearAllClick() { historyItems = []; clearHistoryFromCookie(); removeHistoryFromSuggest(); } function clearHis
2024-04-26 05:42:59 UTC | 2856 | IN | Data Ascii: tring.startsWith(suggest, term) ? (term + '<b>' + suggest.replace(term, '') + '</b>') : ('<b>' + suggest + '</b>'), newSuggest = document.createTextNode(val); span.innerHTML = newSuggest.textContent; el.setAttr
2024-04-26 05:42:59 UTC | 2856 | IN | Data Ascii: var selected = suggestList.childNodes[getSelectedNode()]; if (selected && selected.tagName === 'LI') { removeHover(selected); selectedNode = -1; } } function onMouseEnter(event) { var newSelec
2024-04-26 05:42:59 UTC | 1428 | IN | Data Ascii: Manager.getSavedHistoryState()) { return; } suggestList.innerHTML = ''; historyManager.appendHistoryItems(); openSuggestWrapper(); } function isSuggestOpen() { return suggestWrapper.style.displa
                                                                                                                                                                                                              2024-04-26 05:42:59 UTC1428INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 73 75 67 67 65 73 74 4c 69 73 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 72 65 61 74 65 53 75 67 67 65 73 74 45 6c 28 72 65 73 2e 74 65 72 6d 2c 20 72 65 73 2e 69 74 65 6d 73 5b 69 5d 2c 20 73 75 67 67 65 73 74 4c 69 73 74 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 2c 20 66 61 6c 73 65 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 21 69 73 48 69 73 74 6f 72 79 49 74 65 6d 28 6a 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 70 64 61 74 65 53 75 67 67 65 73 74 45 6c 28 73 75 67 67 65 73 74 4c 69 73 74 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 6a 5d 2c 20 72 65 73 2e 74 65 72 6d 2c 20 72 65 73 2e 69 74 65 6d 73 5b 69 5d 29 3b 0a 20 20
                                                                                                                                                                                                              Data Ascii: suggestList.appendChild(createSuggestEl(res.term, res.items[i], suggestList.childNodes.length, false)); } else if (!isHistoryItem(j)) { updateSuggestEl(suggestList.childNodes[j], res.term, res.items[i]);


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49751 | 192.178.50.65 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:00 UTC | 564 | OUT | GET /crx/blobs/AfQPRnlSkk0SHkG5PXvb3F_Q7hH-5ddsxHHT56Cx-_JWux0fg0SnDHAT6sRgPwMxLj9QK3jdbgroAjU8smhTZreN3EjllobyDxCd6anURJdX2LwhsxiO4Wd9jGJUvOZjNG0AxlKa5b7kLavSfewVpsPdhgIchnuqABvb/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_4_1_2.crx HTTP/1.1
                                                                                                                                                                                                              Host: clients2.googleusercontent.com
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:00 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              X-GUploader-UploadID: ABPtcPqyxoft4NWfa9VH6EIIWmasQiicFPs6XSy3siOM8eMjynU4j0Dp2v79xodgtxvHhur8fIKLSCiBFg
                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                              Content-Length: 1376124
                                                                                                                                                                                                              X-Goog-Hash: crc32c=1TO8VQ==
                                                                                                                                                                                                              Server: UploadServer
                                                                                                                                                                                                              Date: Thu, 25 Apr 2024 11:51:53 GMT
                                                                                                                                                                                                              Expires: Fri, 25 Apr 2025 11:51:53 GMT
                                                                                                                                                                                                              Cache-Control: public, max-age=31536000
                                                                                                                                                                                                              Age: 64267
                                                                                                                                                                                                              Last-Modified: Mon, 22 Apr 2024 05:01:44 GMT
                                                                                                                                                                                                              ETag: f4a13e4a_1a1e8bed_06a0c69a_2324c73f_0d9c8f3c
                                                                                                                                                                                                              Content-Type: application/x-chrome-extension
                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49753 | 13.249.98.78 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:00 UTC | 626 | OUT | GET /search/images/homepage/button_bg.png HTTP/1.1
                                                                                                                                                                                                              Host: se-p-static-content.seccint.com
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                              Referer: https://www.sweetim.com/
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                                                              Content-Length: 2767
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Date: Fri, 26 Apr 2024 05:43:01 GMT
                                                                                                                                                                                                              Last-Modified: Thu, 06 Jul 2017 14:19:26 GMT
                                                                                                                                                                                                              ETag: "64f85ba4f1509e24c28ddc9e07de67d7"
                                                                                                                                                                                                              x-amz-version-id: null
                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                              Via: 1.1 e65779811ad331617179859160ead1b4.cloudfront.net (CloudFront)
                                                                                                                                                                                                              X-Amz-Cf-Pop: MIA3-P5
                                                                                                                                                                                                              X-Amz-Cf-Id: 1VJFOfHjIGw8d2mKx7sGXTviIIQqsWuhJPGyY0WIQagaYFzdPxOo-g==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49754 | 13.249.98.124 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:00 UTC | 634 | OUT | GET /Search/SearchApplication/Resources/SpyGlass130x40.png HTTP/1.1
Host: storage2.stgbssint.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.sweetim.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:00 UTC | 470 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2505
Connection: close
Date: Fri, 26 Apr 2024 05:43:01 GMT
Last-Modified: Wed, 28 Feb 2018 09:59:06 GMT
ETag: "b254739743874926f3f110ba7eb9c37f"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 a6d7db01f7a0edcb49cd879115321646.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: 1oGAUwXc8D2JR0K6IBFVA8TZfWzdkGAWEZVVZ-KWz9yUVoE3h2_Peg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49755 | 13.249.98.124 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 645 | OUT | GET /Search/SearchApplication/Resources/Images/Search/closeSprite.png HTTP/1.1
Host: storage2.stgbssint.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.sweetim.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:01 UTC | 470 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1240
Connection: close
Date: Fri, 26 Apr 2024 05:43:02 GMT
Last-Modified: Wed, 28 Feb 2018 09:59:06 GMT
ETag: "ea2c48bed74bb2ebdd5989fb057478e2"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 103ec34eaa00ebfa54ccec8bb9510672.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: OMsgzo2vCNzv334Ka4-BvHRpHbOcpTlaoyAkwpxI2Yw8czU-bCuIFA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49756 | 108.157.173.24 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 1116 | OUT | GET /favicon.ico HTTP/1.1
Host: www.sweetim.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "10.0.0"
dpr: 1
downlink: 1.3
sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Windows"
device-memory: 8
rtt: 350
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
viewport-width: 1280
sec-ch-ua-full-version: "117.0.5938.132"
ect: 3g
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: UserId=D725A570-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A59.655Z; st=SearchWeb; _hse=true
2024-04-26 05:43:01 UTC | 481 | IN | HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: close
cache-control: public, max-age=31536000
date: Fri, 26 Apr 2024 05:43:01 GMT
etag: "47e-HgGsw6klthGz7AECUXEszb4DNHg"
server: istio-envoy
x-envoy-upstream-service-time: 0
x-powered-by: Express
X-Cache: Miss from cloudfront
Via: 1.1 4c3c3d48e1596e1c2c468662d48c7cc8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P3
X-Amz-Cf-Id: vNHdeNo4r8I4Q06IaQHL_qUUiouzTSQjPj5iaqnqSF6yA35IRKjezw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49758 | 13.249.98.124 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 391 | OUT | GET /search/images/homepage/button_bg.png HTTP/1.1
Host: se-p-static-content.seccint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:01 UTC | 470 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2767
Connection: close
Date: Fri, 26 Apr 2024 05:43:02 GMT
Last-Modified: Thu, 06 Jul 2017 14:19:26 GMT
ETag: "64f85ba4f1509e24c28ddc9e07de67d7"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 550095e901774e11f1c0214c5ce186ae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: D7Z45FnDcl-9gpnZaWAsFD39KHz9RYjh1bhlgdldoo49lClysubTDQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49759 | 13.249.98.78 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 399 | OUT | GET /Search/SearchApplication/Resources/SpyGlass130x40.png HTTP/1.1
Host: storage2.stgbssint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:01 UTC | 470 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2505
Connection: close
Date: Fri, 26 Apr 2024 05:43:02 GMT
Last-Modified: Wed, 28 Feb 2018 09:59:06 GMT
ETag: "b254739743874926f3f110ba7eb9c37f"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 550095e901774e11f1c0214c5ce186ae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: 2A4sX9cBvcZwi_VgQSP8tFWP3xyWnfbJNMFqoYL600DqMJVjkMENog==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49761 | 13.249.98.78 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 410 | OUT | GET /Search/SearchApplication/Resources/Images/Search/closeSprite.png HTTP/1.1
Host: storage2.stgbssint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:02 UTC | 470 | IN | HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1240
Connection: close
Date: Fri, 26 Apr 2024 05:43:03 GMT
Last-Modified: Wed, 28 Feb 2018 09:59:06 GMT
ETag: "ea2c48bed74bb2ebdd5989fb057478e2"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 55a2e492c74577abf8547dc740add63e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P5
X-Amz-Cf-Id: YfXfyze0vObAPCGfJHr2-NIWYPuv0vlkzkz9xa_YcKE8c6Kln4PG0g==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49763 | 108.157.173.24 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:01 UTC | 467 | OUT | GET /favicon.ico HTTP/1.1
Host: www.sweetim.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: UserId=D725A570-038F-11EF-AAC5-BF869E32CC1E; UserData=2024-04-26T05%3A42%3A59.655Z; st=SearchWeb; _hse=true
2024-04-26 05:43:02 UTC | 481 | IN | HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: close
cache-control: public, max-age=31536000
date: Fri, 26 Apr 2024 05:43:02 GMT
etag: "47e-HgGsw6klthGz7AECUXEszb4DNHg"
server: istio-envoy
x-envoy-upstream-service-time: 1
x-powered-by: Express
X-Cache: Miss from cloudfront
Via: 1.1 6fbeae74487f866b555dc44d03fcc2a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MIA3-P3
X-Amz-Cf-Id: hI3VfKeBr9kVbp1AzeRy-nFT4X6NZrt0_d-BB5BAdaw4exXa5MTUCg==


                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              13192.168.2.44976723.193.120.112443
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              2024-04-26 05:43:04 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                              Host: fs.microsoft.com
2024-04-26 05:43:04 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                              Server: ECAcc (chd/0712)
                                                                                                                                                                                                              X-CID: 11
                                                                                                                                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                              X-Ms-Region: prod-eus-z1
                                                                                                                                                                                                              Cache-Control: public, max-age=91288
                                                                                                                                                                                                              Date: Fri, 26 Apr 2024 05:43:04 GMT
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49768 | 23.193.120.112 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:04 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                              Range: bytes=0-2147483646
                                                                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                              Host: fs.microsoft.com
2024-04-26 05:43:04 UTC | 530 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                              ApiVersion: Distribute 1.1
                                                                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                              X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                                                                                                                                                                                              Cache-Control: public, max-age=91301
                                                                                                                                                                                                              Date: Fri, 26 Apr 2024 05:43:04 GMT
                                                                                                                                                                                                              Content-Length: 55
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              X-CID: 2
2024-04-26 05:43:04 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49770 | 192.178.50.46 | 443 | 4020 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:04 UTC | 393 | OUT | GET /webstore/inlineinstall/detail/efaidnbmnnnibpcajpcglclefindmkaj HTTP/1.1
                                                                                                                                                                                                              Host: chrome.google.com
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-04-26 05:43:05 UTC | 1457 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                              Date: Fri, 26 Apr 2024 05:43:05 GMT
                                                                                                                                                                                                              Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/chromewebstore/2
                                                                                                                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-fd3RXVuFRhq1fQpFRHX6YQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport
                                                                                                                                                                                                              Report-To: {"group":"coop_chromewebstore","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chromewebstore"}]}
                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="coop_chromewebstore"
                                                                                                                                                                                                              Server: ESF
                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                              Set-Cookie: NID=513=Qg4jUGwXrNas-9AG1-c7G-eXMuWPdLKZxTkUjbgSOMedUj5KXbZ3sCfMR9Enlg7ID9q0BVCmqRej2UCg6uL_S4sTMvUnHbVV0YZoVOBaEfIB4kuDWVmgtAIJ7ejKDHasgWtG6GqpEVa0-H0MI-aCsJMBGNYUE6mURWTH7yKx8gQ; expires=Sat, 26-Oct-2024 05:43:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Transfer-Encoding: chunked
2024-04-26 05:43:05 UTC | 1457 | IN | Data Ascii: 140f{"icon_url":"https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=w128-h128-e365-rj-sc0x00ffffff","verified_site":"www.adobe.com","localized_description":"Do more in Google Chrome
2024-04-26 05:43:05 UTC | 1457 | IN | Data Ascii: *\"\n ]\n },\n \"icons\": {\n \"16\": \"browser/images/acrobat_dc_appicon_16.png\",\n \"48\": \"browser/images/acrobat_dc_appicon_48.png\",\n \"128\": \"browser/images/acrobat_dc_appicon_128.png\"\n },\n \"action\":
2024-04-26 05:43:05 UTC | 1457 | IN | Data Ascii: ent-script.css\"\n ],\n \"js\": [\n \"content_scripts/gdrive-content-script.js\"\n ],\n \"run_at\": \"document_end\"\n },\n {\n \"matches\": [\n \"https://m
2024-04-26 05:43:05 UTC | 772 | IN | Data Ascii: ttps://use.typekit.net https://assets.adobedtm.com https://*.adobecontent.io https://*.adobelogin.com https://local-test.acrobat.com:* https://local-test.acrobat.adobe.com:* https://*.acrobat.com https://*.adobe.com\"\n },\n \"host_permissions\": [\
2024-04-26 05:43:05 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49771 | 13.85.23.86 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 05:43:15 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6NvAnKL1OPtr5PT&MD=RuvlYw+b HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                              Host: slscr.update.microsoft.com
2024-04-26 05:43:15 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                              Expires: -1
                                                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                              ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                              MS-CorrelationId: 2af5ff55-6622-4e2f-baab-0909aae71aac
                                                                                                                                                                                                              MS-RequestId: 34508662-ff95-41bb-b980-0744911411d0
                                                                                                                                                                                                              MS-CV: Of8rcOHaIkepG1zv.0
                                                                                                                                                                                                              X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                              Date: Fri, 26 Apr 2024 05:43:14 GMT
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Content-Length: 25457



                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:07:42:18
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\BundleSweetIMSetup.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\BundleSweetIMSetup.exe"
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:4'666'160 bytes
                                                                                                                                                                                                              MD5 hash:BCC96659D6A46536DBDE959FB9D60F67
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:07:42:26
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\SweetIMSetup.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline: /s /w /v" /qn SIMHP=0 SIMSP=0 "
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:3'935'664 bytes
                                                                                                                                                                                                              MD5 hash:CED6A16415E6AE2243ACC2B776B9D965
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                              Start time:07:42:26
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="C:\Users\user\AppData\Local\Temp"
                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                              Start time:07:42:26
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                              Imagebase:0x7ff6accf0000
                                                                                                                                                                                                              File size:69'632 bytes
                                                                                                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                              Start time:07:42:27
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding A265C8E8A3BB4B1A10A4D9F720E583B6
                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                              Start time:07:42:30
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe http://sweetim.com,C:\Users\user\AppData\LocalLow\simcookies.dat
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:65'840 bytes
                                                                                                                                                                                                              MD5 hash:8E11C6FCF30B1DC4C7069144B80C2709
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                              • Detection: 18%, ReversingLabs
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                              Start time:07:42:33
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" -AutoStartIM
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:114'992 bytes
                                                                                                                                                                                                              MD5 hash:15A4D1A8C15CB3C0C13C3F36899475E6
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                              • Detection: 30%, ReversingLabs
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                              Start time:07:42:36
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\SweetIESetup.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline: /s /w /v" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} "
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              File size:3'410'880 bytes
                                                                                                                                                                                                              MD5 hash:4E3FCE1D8BE37088E4E40B829DA24091
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                              Start time:07:42:36
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\{B3CA5B4C-F637-458C-81D6-CD8DADBE9841}\SweetIESetup.msi" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=1,UserSelectedDS=1} SETUPEXEDIR="C:\Users\user\AppData\Local\Temp"
                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                              Start time:07:42:37
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F0CC6D3E1A3C8837D5C7D007B45C879F
                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                              File size:59'904 bytes
                                                                                                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                              Start time:07:42:56
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.sweetim.com/installbar.asp?barid={C598706C-038F-11EF-8C2C-ECF4BBEA1588}
                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                              Start time:07:42:56
                                                                                                                                                                                                              Start date:26/04/2024
                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1960,i,7459701528248846225,13626864308159879949,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, Offset: 04296000, based on PE: false
                                                                                                                                                                                                                • Associated: 00000000.00000003.1918635774.00000000042A1000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000003.1933803776.00000000042A4000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_4272000_BundleSweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: db398c65cd0c85cb97368f9b253e73d749d99a5f03896d437053df3f9c2c36fa
                                                                                                                                                                                                                • Instruction ID: 0695908db047844c04c617abcdb73099722222a10fd3d4755660db46aca9ef1b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: db398c65cd0c85cb97368f9b253e73d749d99a5f03896d437053df3f9c2c36fa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7929C9295E7C11FDB5787704D7A991BFB06E6310070E86CFC8CA8E8A3E3499909D367
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, Offset: 0429C000, based on PE: false
                                                                                                                                                                                                                • Associated: 00000000.00000003.1933803776.00000000042A4000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                • Associated: 00000000.00000003.1941087262.00000000042AC000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_4272000_BundleSweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 35d447416fe94c763cca08425af06bd7bb205f377fe68a23ddbb9e3029de77f7
                                                                                                                                                                                                                • Instruction ID: 0695908db047844c04c617abcdb73099722222a10fd3d4755660db46aca9ef1b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35d447416fe94c763cca08425af06bd7bb205f377fe68a23ddbb9e3029de77f7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7929C9295E7C11FDB5787704D7A991BFB06E6310070E86CFC8CA8E8A3E3499909D367
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000000.00000003.1944544419.0000000004296000.00000004.00000020.00020000.00000000.sdmp, Offset: 0429D000, based on PE: false
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_4272000_BundleSweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 6cd1055967fea9b0c3a82f9b2a3f01d1eabfb76e12e98c2a76825f4965809c56
                                                                                                                                                                                                                • Instruction ID: 39268c1e5c66f3392530ac33c376cd3ae87b1a8c745838442d1cbfb09655b2a9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cd1055967fea9b0c3a82f9b2a3f01d1eabfb76e12e98c2a76825f4965809c56
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69929D5295E7C11FDB5787700DBA991BFB06E6310070E86CFC8CA8E8A3E7499909D367
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:11.5%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:9.2%
                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                Total number of Limit Nodes:81
calls 2 library calls 24426->24431 24427->24259 24432 403d72 37 API calls 3 library calls 24428->24432 24431->24428 24432->24427 24435 403b37 __EH_prolog 24433->24435 24434 403b53 GetLastError 24436 40297e __vprintf_l SysFreeString 24434->24436 24435->24434 24437 403b82 24436->24437 24487 40498d 24437->24487 24441 402a7b __EH_prolog 24440->24441 24442 403b2d ctype 34 API calls 24441->24442 24443 402aa3 24442->24443 24518 404b1c 24443->24518 24445 402ad2 24523 403bc0 24445->24523 24446 402ac3 24446->24445 24531 403e86 24446->24531 24451 402b1e 24452 402b3a 24451->24452 24454 401cf2 ctype 33 API calls 24451->24454 24453 402b7d 24452->24453 24455 402b52 24452->24455 24456 401d6c 32 API calls 24453->24456 24454->24452 24457 402a3d 34 API calls 24455->24457 24462 402b7b 24456->24462 24458 402b62 24457->24458 24461 401d6c 32 API calls 24458->24461 24459 402baf 24460 402c08 24459->24460 24463 403bc0 34 API calls 24459->24463 24465 403b2d ctype 34 API calls 24460->24465 24464 402b6f 24461->24464 24462->24459 24561 403e43 24462->24561 24467 402bc7 24463->24467 24468 401cf2 ctype 33 API calls 24464->24468 24469 402c1d 24465->24469 24471 403e86 61 API calls 24467->24471 24468->24462 24472 401cf2 ctype 33 API calls 24469->24472 24474 402bdc 24471->24474 24475 402c30 24472->24475 24473 401cf2 ctype 33 API calls 24473->24459 24568 403c85 52 API calls 24474->24568 24476 401cf2 ctype 33 API calls 24475->24476 24478 4022b2 24476->24478 24483 402a3d 24478->24483 24479 402bed 24480 401cf2 ctype 33 API calls 24479->24480 24481 402bfc 24480->24481 24482 401cf2 ctype 33 API calls 24481->24482 24482->24460 24614 40483c 24483->24614 24485 4022cb 24485->24276 24486->24270 24488 4049a0 24487->24488 24489 4049a5 24487->24489 24501 426d22 30 API calls 3 library calls 24488->24501 24491 4049bb 24489->24491 24496 4049dc 24489->24496 24502 404a6b 32 API calls 2 library calls 24491->24502 24493 404a1f 24504 405343 24493->24504 24495 4049cb 24503 404a6b 32 API calls 2 library calls 24495->24503 
24496->24493 24498 4049f6 24496->24498 24499 40297e __vprintf_l SysFreeString 24498->24499 24500 403b92 SetLastError 24499->24500 24500->24267 24502->24495 24503->24500 24505 405353 24504->24505 24506 405358 24504->24506 24516 426af6 30 API calls 3 library calls 24505->24516 24508 40539b 24506->24508 24510 40536c 24506->24510 24512 405370 24506->24512 24509 4053b6 24508->24509 24511 40537d 24508->24511 24513 40297e __vprintf_l SysFreeString 24508->24513 24509->24511 24517 405bbd SysFreeString SysAllocStringLen __vprintf_l 24509->24517 24510->24509 24510->24512 24511->24500 24512->24511 24515 40297e __vprintf_l SysFreeString 24512->24515 24513->24509 24515->24511 24517->24511 24519 404b2a 24518->24519 24521 404b38 24518->24521 24519->24446 24520 428125 46 API calls 24520->24521 24521->24519 24521->24520 24569 4290d8 24521->24569 24525 403bca __EH_prolog 24523->24525 24524 403be7 GetLastError 24526 403c03 24524->24526 24525->24524 24527 40297e __vprintf_l SysFreeString 24526->24527 24528 403c1c __vprintf_l 24527->24528 24582 405a6d 24528->24582 24532 403e90 __EH_prolog 24531->24532 24533 402838 3 API calls 24532->24533 24534 403eb8 24533->24534 24535 403ec9 24534->24535 24539 403f27 24534->24539 24585 403ceb 24535->24585 24538 403efb 24543 402a3d 34 API calls 24538->24543 24540 403f22 24539->24540 24542 402a3d 34 API calls 24539->24542 24544 403f93 24540->24544 24590 404ba1 24540->24590 24541 403ceb 49 API calls 24541->24538 24546 403f60 24542->24546 24547 403f09 24543->24547 24545 403b2d ctype 34 API calls 24544->24545 24549 403fb0 24545->24549 24550 401d6c 32 API calls 24546->24550 24551 401d6c 32 API calls 24547->24551 24553 401cf2 ctype 33 API calls 24549->24553 24554 403f6d 24550->24554 24555 403f16 24551->24555 24557 402aea 24553->24557 24558 401cf2 ctype 33 API calls 24554->24558 24559 401cf2 ctype 33 API calls 24555->24559 24556 401cf2 ctype 33 API calls 24556->24544 24560 4048cf 32 API calls 24557->24560 24558->24540 24559->24540 24560->24445 24605 404be4 
24561->24605 24564 401cf2 ctype 33 API calls 24565 403e64 24564->24565 24566 403b2d ctype 34 API calls 24565->24566 24567 402ba7 24566->24567 24567->24473 24568->24479 24570 4290ea 24569->24570 24580 4290f3 24569->24580 24571 429144 InterlockedIncrement 24570->24571 24570->24580 24572 429158 InterlockedDecrement 24571->24572 24576 429166 24571->24576 24573 42b6f4 ctype 29 API calls 24572->24573 24573->24576 24574 42e854 14 API calls 24574->24576 24575 4291aa 24577 4291b1 24575->24577 24578 4291bb InterlockedDecrement 24575->24578 24576->24574 24576->24575 24581 42b755 LeaveCriticalSection 24577->24581 24578->24580 24580->24521 24581->24580 24583 405343 ctype 32 API calls 24582->24583 24584 403c30 SetLastError 24583->24584 24584->24451 24587 403cfc 24585->24587 24588 4290d8 46 API calls 24587->24588 24589 403d5f 24587->24589 24597 40473b 46 API calls 24587->24597 24588->24587 24589->24538 24589->24541 24598 4053fc 24590->24598 24593 401cf2 ctype 33 API calls 24594 404bc2 24593->24594 24595 403b2d ctype 34 API calls 24594->24595 24596 403f8b 24595->24596 24596->24556 24597->24587 24599 405410 24598->24599 24600 405421 24599->24600 24604 404924 32 API calls 2 library calls 24599->24604 24602 403b2d ctype 34 API calls 24600->24602 24603 404bba 24602->24603 24603->24593 24604->24600 24606 404bfa 24605->24606 24607 404c3f 24606->24607 24608 404c33 24606->24608 24609 404c28 SysFreeString 24606->24609 24610 403b2d ctype 34 API calls 24607->24610 24613 404a6b 32 API calls 2 library calls 24608->24613 24609->24608 24612 403e5c 24610->24612 24612->24564 24613->24607 24615 404846 __EH_prolog 24614->24615 24616 404863 GetLastError 24615->24616 24617 40297e __vprintf_l SysFreeString 24616->24617 24618 404887 24617->24618 24619 40498d ctype 32 API calls 24618->24619 24620 4048a3 SetLastError 24619->24620 24620->24485 24621->24292 24623 420b07 CharPrevA 24622->24623 24624 420aff CharNextA 24622->24624 24625 420b16 24623->24625 24626 420b2c lstrcatA 24623->24626 24624->24623 
24624->24624 24630 420c98 CharNextA CharNextA CharNextA CharNextA 24625->24630 24626->24189 24628 420b1c 24628->24626 24629 420b20 CharNextA CharNextA 24628->24629 24629->24626 24630->24628 24632 401fe7 __EH_prolog 24631->24632 24633 402375 40 API calls 24632->24633 24634 401ff3 24633->24634 24635 4023bd 126 API calls 24634->24635 24636 402003 24635->24636 24637 4025bc 47 API calls 24636->24637 24638 40201c lstrlenA 24637->24638 24639 402029 24638->24639 24640 4042e4 ctype 29 API calls 24639->24640 24641 402046 24640->24641 24642 4037e4 ctype 40 API calls 24641->24642 24643 401b79 24642->24643 24643->24208 24643->24311 24645 420e15 24644->24645 24645->24317 24645->24318 24647 420ee1 SetErrorMode 24646->24647 24648 420eea FindCloseChangeNotification 24646->24648 24649 420e7a 24647->24649 24648->24649 24649->24325 24649->24328 24651 4274b7 __vprintf_l 29 API calls 24650->24651 24652 404fd7 24651->24652 24661 426e4c 24652->24661 24657 405027 24659 4274b7 __vprintf_l 29 API calls 24657->24659 24658 426aeb ctype 29 API calls 24658->24657 24660 40239b 24659->24660 24660->24335 24662 426e64 24661->24662 24663 426e5d 24661->24663 24665 426e98 24662->24665 24666 426e6d InterlockedExchange 24662->24666 24664 426ebe EnterCriticalSection 24663->24664 24668 404ff1 24663->24668 24664->24668 24665->24663 24667 426eab Sleep 24665->24667 24666->24665 24669 426e7e InitializeCriticalSection 24666->24669 24667->24665 24671 426ee8 24668->24671 24674 426f84 35 API calls ctype 24669->24674 24672 426ef1 LeaveCriticalSection 24671->24672 24673 40501a 24671->24673 24672->24673 24673->24657 24673->24658 24674->24663 24730 4039eb 24675->24730 24677 4039c6 __vprintf_l 24677->24340 24744 404642 24678->24744 24681 4031bb 24682 4031c5 __EH_prolog 24681->24682 24753 40c4b0 24682->24753 24685 4042e4 ctype 29 API calls 24686 4031fe 24685->24686 24760 404008 GetFileSize 24686->24760 24687 4031eb 24687->24344 24731 4039f8 24730->24731 24733 4039fd 24730->24733 24742 426af6 30 API calls 3 library calls 
24731->24742 24734 403a3f 24733->24734 24735 403a11 24733->24735 24737 403a15 24733->24737 24736 403a5a 24734->24736 24738 403a22 24734->24738 24739 4042e4 ctype 29 API calls 24734->24739 24735->24736 24735->24737 24736->24738 24743 403a70 29 API calls 3 library calls 24736->24743 24737->24738 24741 4042e4 ctype 29 API calls 24737->24741 24738->24677 24739->24736 24741->24738 24743->24738 24745 404652 24744->24745 24747 40468a ctype 24744->24747 24746 40465e 24745->24746 24745->24747 24751 404f88 40 API calls ctype 24746->24751 24749 4023de 24747->24749 24752 4043a2 40 API calls 2 library calls 24747->24752 24749->24681 24751->24749 24752->24747 24800 40cd2f 24753->24800 24759 4031e7 24759->24685 24759->24687 24761 404023 24760->24761 24801 40cd36 24800->24801 24802 40cd3b GetFileAttributesA 24800->24802 24801->24802 24803 40c4b8 24802->24803 24803->24759 24804 40cc7c 24803->24804 24817 405443 24804->24817 24816 40c4c3 24816->24759 24818 40544a 24817->24818 24819 40544f CreateFileA GetFileSize 24817->24819 24818->24819 24820 405478 24819->24820 24821 40548d 24819->24821 24820->24816 24823 4283d5 24820->24823 24821->24820 24822 4054a1 FindCloseChangeNotification 24821->24822 24822->24820 25179 42996c GetVersion 25210 42b8df HeapCreate 25179->25210 25181 4299ca 25182 4299d7 25181->25182 25183 4299cf 25181->25183 25222 42aa0c 25182->25222 25616 429a99 8 API calls ctype 25183->25616 25187 4299dc 25188 4299e0 25187->25188 25189 4299e8 25187->25189 25617 429a99 8 API calls ctype 25188->25617 25232 42fca1 25189->25232 25193 4299f2 GetCommandLineA 25246 42fb6f 25193->25246 25197 429a0c 25278 42f869 25197->25278 25199 429a11 25200 429a16 GetStartupInfoA 25199->25200 25291 42f811 25200->25291 25202 429a28 GetModuleHandleA 25295 41e070 CoInitialize 25202->25295 25207 429a55 25619 42f699 36 API calls 25207->25619 25209 429a66 25211 42b935 25210->25211 25212 42b8ff 25210->25212 25211->25181 25620 42b797 57 API calls __vprintf_l 25212->25620 25214 42b904 25215 42b90e 
25214->25215 25217 42b91b 25214->25217 25621 42b93c HeapAlloc 25215->25621 25218 42b938 25217->25218 25622 42c483 5 API calls ctype 25217->25622 25218->25181 25219 42b918 25219->25218 25221 42b929 HeapDestroy 25219->25221 25221->25211 25623 42b6cb InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 25222->25623 25224 42aa12 TlsAlloc 25225 42aa22 25224->25225 25226 42aa5c 25224->25226 25624 430182 30 API calls ctype 25225->25624 25226->25187 25228 42aa2b 25228->25226 25229 42aa33 TlsSetValue 25228->25229 25229->25226 25230 42aa44 25229->25230 25231 42aa4a GetCurrentThreadId 25230->25231 25231->25187 25233 427a79 ctype 29 API calls 25232->25233 25234 42fcb4 25233->25234 25236 42fcc2 GetStartupInfoA 25234->25236 25625 429a74 7 API calls ctype 25234->25625 25242 42fde1 25236->25242 25245 42fd10 25236->25245 25238 42fe0c GetStdHandle 25241 42fe1a GetFileType 25238->25241 25238->25242 25239 42fe4c SetHandleCount 25239->25193 25240 427a79 ctype 29 API calls 25240->25245 25241->25242 25242->25238 25242->25239 25243 42fd87 25243->25242 25244 42fda9 GetFileType 25243->25244 25244->25243 25245->25240 25245->25242 25245->25243 25247 42fb8a GetEnvironmentStringsW 25246->25247 25248 42fbbd 25246->25248 25249 42fb92 25247->25249 25250 42fb9e GetEnvironmentStrings 25247->25250 25248->25249 25251 42fbae 25248->25251 25253 42fbd6 WideCharToMultiByte 25249->25253 25254 42fbca GetEnvironmentStringsW 25249->25254 25250->25251 25252 429a02 25250->25252 25251->25252 25255 42fc50 GetEnvironmentStrings 25251->25255 25256 42fc5c 25251->25256 25269 42f922 25252->25269 25258 42fc0a 25253->25258 25259 42fc3c FreeEnvironmentStringsW 25253->25259 25254->25252 25254->25253 25255->25252 25255->25256 25261 427a79 ctype 29 API calls 25256->25261 25260 427a79 ctype 29 API calls 25258->25260 25259->25252 25262 42fc10 25260->25262 25266 42fc77 __vprintf_l 25261->25266 25262->25259 25263 42fc19 WideCharToMultiByte 25262->25263 25265 42fc2a 25263->25265 
25268 42fc33 25263->25268 25264 42fc8d FreeEnvironmentStringsA 25264->25252 25267 427990 ctype 29 API calls 25265->25267 25266->25264 25267->25268 25268->25259 25270 42f934 25269->25270 25271 42f939 GetModuleFileNameA 25269->25271 25626 42ed05 48 API calls 25270->25626 25273 42f95c 25271->25273 25274 427a79 ctype 29 API calls 25273->25274 25275 42f97d 25274->25275 25276 42f98d 25275->25276 25627 429a74 7 API calls ctype 25275->25627 25276->25197 25279 42f876 25278->25279 25281 42f87b __vprintf_l 25278->25281 25628 42ed05 48 API calls 25279->25628 25282 427a79 ctype 29 API calls 25281->25282 25283 42f8a8 25282->25283 25290 42f8bc __vprintf_l ctype 25283->25290 25629 429a74 7 API calls ctype 25283->25629 25285 42f8ff 25286 427990 ctype 29 API calls 25285->25286 25287 42f90b 25286->25287 25287->25199 25288 427a79 ctype 29 API calls 25288->25290 25290->25285 25290->25288 25630 429a74 7 API calls ctype 25290->25630 25292 42f81a 25291->25292 25294 42f81f 25291->25294 25631 42ed05 48 API calls 25292->25631 25294->25202 25296 41e09d ctype 25295->25296 25632 41ed52 25296->25632 25301 41eddd 58 API calls 25302 41e0e8 25301->25302 25303 41e158 25302->25303 25304 41e0ec 25302->25304 25306 41e16d 25303->25306 25308 41eddd 58 API calls 25303->25308 25808 40a7bd 60 API calls 2 library calls 25304->25808 25313 41e21a 25306->25313 25815 401581 25306->25815 25307 41e0f8 25809 40a71d 166 API calls 2 library calls 25307->25809 25308->25306 25310 41e199 25820 40a013 32 API calls 25310->25820 25312 41e105 25810 40191f 33 API calls 2 library calls 25312->25810 25314 41e3c4 25313->25314 25319 41e28d 25313->25319 25320 41e234 wsprintfA 25313->25320 25321 402838 3 API calls 25314->25321 25317 41e110 25811 40a8fa 162 API calls __vprintf_l 25317->25811 25318 41e1b3 25324 41eddd 58 API calls 25318->25324 25328 41e2ec 25319->25328 25329 41e2a2 wsprintfA 25319->25329 25826 421000 25320->25826 25325 41e413 25321->25325 25323 41e11b 25327 41e11f 25323->25327 25812 4014ff 43 API calls 2 library 
calls 25323->25812 25330 41e1c4 25324->25330 25649 41b897 25325->25649 25814 40a79a 33 API calls __vprintf_l 25327->25814 25328->25314 25343 41e307 lstrcpyA lstrlenA 25328->25343 25334 4210dd 3 API calls 25329->25334 25335 41e1d7 25330->25335 25821 4016c7 32 API calls __vprintf_l 25330->25821 25332 41e420 25348 41eddd 58 API calls 25332->25348 25364 41e280 ctype 25334->25364 25340 41e1dc 25335->25340 25341 41e20f 25335->25341 25337 41e13b 25813 40ab3b 127 API calls 3 library calls 25337->25813 25822 40aeca 34 API calls __vprintf_l 25340->25822 25825 40191f 33 API calls 2 library calls 25341->25825 25342 41e26d 25834 4019b0 25342->25834 25353 41e35b lstrcpyA 25343->25353 25346 41e153 25350 41e3ba 25346->25350 25355 41e444 25348->25355 25349 41ed97 31 API calls 25356 41ec84 CoUninitialize 25349->25356 25801 41ed97 25350->25801 25351 41e1f5 25823 41f28b 247 API calls 3 library calls 25351->25823 25837 421afe 72 API calls __EH_prolog 25353->25837 25361 41e46e 25355->25361 25838 41f5e7 46 API calls 2 library calls 25355->25838 25362 41ed4b 25356->25362 25360 41ed43 CoUninitialize 25360->25362 25367 41e528 25361->25367 25371 4021e9 32 API calls 25361->25371 25618 428e80 32 API calls 25362->25618 25363 41e1fa 25824 40191f 33 API calls 2 library calls 25363->25824 25364->25349 25369 402d6a 31 API calls 25367->25369 25372 41e536 lstrcpyA 25369->25372 25370 41e453 25839 403c5c 32 API calls 2 library calls 25370->25839 25373 41e48f 25371->25373 25707 420b32 25372->25707 25374 402d6a 31 API calls 25373->25374 25377 41e498 GetTempPathA 25374->25377 25379 4022fb 48 API calls 25377->25379 25382 41e4ab 25379->25382 25380 41e551 lstrlenA 25381 41e562 25380->25381 25606 41ecd5 25380->25606 25383 41e587 25381->25383 25384 41e567 25381->25384 25386 403bc0 34 API calls 25382->25386 25385 4029bb 43 API calls 25383->25385 25840 420be0 lstrlenA GetDriveTypeA 25384->25840 25389 41e59f 25385->25389 25390 41e4d0 25386->25390 25393 402216 66 API calls 25389->25393 25654 41f5af 25390->25654 
25391 41ecdd 25776 40e565 25391->25776 25392 41e56e 25392->25606 25841 41f108 244 API calls 2 library calls 25392->25841 25395 41e5a6 25393->25395 25398 401cf2 ctype 33 API calls 25395->25398 25402 41e5ae 25398->25402 25401 41e57e 25401->25383 25401->25606 25405 402216 66 API calls 25402->25405 25404 41ed09 25798 40e6aa 25404->25798 25408 41e5c1 25405->25408 25406 401d6c 32 API calls 25409 41e500 25406->25409 25411 4029bb 43 API calls 25408->25411 25412 401cf2 ctype 33 API calls 25409->25412 25410 41ed14 ctype 25846 407f15 35 API calls ctype 25410->25846 25413 41e5da 25411->25413 25414 41e50b 25412->25414 25416 402a71 66 API calls 25413->25416 25417 403e43 38 API calls 25414->25417 25419 41e5e1 25416->25419 25420 41e51d 25417->25420 25418 41ed30 25422 401cf2 ctype 33 API calls 25418->25422 25423 401cf2 ctype 33 API calls 25419->25423 25421 401cf2 ctype 33 API calls 25420->25421 25421->25367 25422->25350 25424 41e5e9 25423->25424 25713 41883f 25424->25713 25427 41883f 39 API calls 25428 41e623 25427->25428 25429 402d6a 31 API calls 25428->25429 25430 41e62e 25429->25430 25431 402d6a 31 API calls 25430->25431 25432 41e63c CopyFileA 25431->25432 25433 4021e9 32 API calls 25432->25433 25434 41e656 25433->25434 25435 402d6a 31 API calls 25434->25435 25436 41e660 25435->25436 25725 401ded 25436->25725 25439 4022fb 48 API calls 25440 41e677 25439->25440 25441 4029bb 43 API calls 25440->25441 25442 41e68b 25441->25442 25443 41883f 39 API calls 25442->25443 25444 41e6a1 25443->25444 25445 401d6c 32 API calls 25444->25445 25446 41e6ad 25445->25446 25447 401cf2 ctype 33 API calls 25446->25447 25448 41e6b8 25447->25448 25449 401cf2 ctype 33 API calls 25448->25449 25450 41e6c0 25449->25450 25451 4029bb 43 API calls 25450->25451 25452 41e6d4 25451->25452 25453 41883f 39 API calls 25452->25453 25454 41e6ea 25453->25454 25455 401d6c 32 API calls 25454->25455 25456 41e6f6 25455->25456 25457 401cf2 ctype 33 API calls 25456->25457 25458 41e701 25457->25458 25459 401cf2 ctype 33 API 
calls 25458->25459 25460 41e709 25459->25460 25461 402d6a 31 API calls 25460->25461 25462 41e714 25461->25462 25463 402d6a 31 API calls 25462->25463 25464 41e723 CopyFileA 25463->25464 25465 4021e9 32 API calls 25464->25465 25466 41e739 25465->25466 25467 402d6a 31 API calls 25466->25467 25468 41e743 25467->25468 25469 401ded 147 API calls 25468->25469 25470 41e752 25469->25470 25471 4022fb 48 API calls 25470->25471 25472 41e75a 25471->25472 25473 4029bb 43 API calls 25472->25473 25474 41e76d 25473->25474 25475 41883f 39 API calls 25474->25475 25476 41e783 25475->25476 25477 401d6c 32 API calls 25476->25477 25478 41e78f 25477->25478 25479 401cf2 ctype 33 API calls 25478->25479 25480 41e79a 25479->25480 25770 4208ee LoadLibraryA 25606->25770 25618->25207 25619->25209 25620->25214 25621->25219 25622->25219 25623->25224 25624->25228 25625->25236 25626->25271 25627->25276 25628->25281 25629->25290 25630->25290 25631->25294 25633 41ed5c __EH_prolog 25632->25633 25847 408dbe MultiByteToWideChar SysAllocStringLen 25633->25847 25638 41eddd 25640 41ede7 __vprintf_l __EH_prolog 25638->25640 25639 41e0d5 25639->25301 25640->25639 25641 41f6d8 34 API calls 25640->25641 25643 401cf2 33 API calls ctype 25640->25643 25644 41eed5 SysAllocString 25640->25644 25645 41ef13 SysFreeString 25640->25645 25646 41eeee SysStringLen 25640->25646 25859 40f7d2 25640->25859 25641->25640 25643->25640 25644->25640 25644->25645 25645->25639 25646->25645 25648 41eef9 SysFreeString 25646->25648 25648->25640 25650 41b8a1 __EH_prolog 25649->25650 25651 41b8bd GetLastError 25650->25651 25652 4274b7 __vprintf_l 29 API calls 25651->25652 25653 41b8e3 SetLastError 25652->25653 25653->25332 25655 41f5b9 25654->25655 25656 403bc0 34 API calls 25655->25656 25657 41e4e4 25656->25657 25658 4222c3 25657->25658 25659 4222cd __EH_prolog 25658->25659 25660 42231d 25659->25660 25661 4021e9 32 API calls 25659->25661 25662 404ba1 37 API calls 25660->25662 25663 4222f9 25661->25663 25664 42232e 25662->25664 25665 
402d6a 31 API calls 25663->25665 25870 4225d1 25664->25870 25667 422306 GetTempPathA 25665->25667 25669 4022fb 48 API calls 25667->25669 25669->25660 25670 402838 3 API calls 25687 422353 25670->25687 25672 4021e9 32 API calls 25680 4223fe 25672->25680 25674 402d6a 31 API calls 25674->25680 25676 402d6a 31 API calls 25677 422430 GetTempFileNameA 25676->25677 25679 4022fb 48 API calls 25677->25679 25678 41883f 39 API calls 25678->25687 25679->25680 25680->25672 25680->25674 25680->25676 25682 402d6a 31 API calls 25680->25682 25680->25687 25681 401d6c 32 API calls 25681->25687 25683 422451 DeleteFileA 25682->25683 25683->25680 25684 403b2d 34 API calls ctype 25684->25687 25685 403bc0 34 API calls 25685->25687 25687->25678 25687->25680 25687->25681 25687->25684 25687->25685 25689 401cf2 33 API calls ctype 25687->25689 25690 404ba1 37 API calls 25687->25690 25692 422597 25687->25692 25694 422549 25687->25694 25908 4221bf UuidCreate 25687->25908 25911 422056 25687->25911 25945 41a686 39 API calls 2 library calls 25687->25945 25946 41a34a 39 API calls 3 library calls 25687->25946 25947 403c85 52 API calls 25687->25947 25948 4228c4 66 API calls 2 library calls 25687->25948 25689->25687 25690->25687 25693 4225b9 25692->25693 25695 403b2d ctype 34 API calls 25692->25695 25949 418815 25693->25949 25697 41f5af 34 API calls 25694->25697 25699 4225b4 25695->25699 25698 42255e 25697->25698 25701 401cf2 ctype 33 API calls 25698->25701 25700 4225d1 70 API calls 25699->25700 25700->25693 25702 42256d 25701->25702 25703 401cf2 ctype 33 API calls 25702->25703 25704 422579 25703->25704 25705 401cf2 ctype 33 API calls 25704->25705 25706 41e4f1 25705->25706 25706->25406 25708 41e54c 25707->25708 25709 420b44 CharNextA lstrcpyA 25707->25709 25708->25380 25708->25381 25710 420b86 CharNextA 25709->25710 25711 420b8e CharPrevA 25709->25711 25710->25710 25710->25711 25711->25708 25712 420ba2 lstrcpyA 25711->25712 25712->25708 25714 418849 __EH_prolog 25713->25714 25715 403b2d ctype 34 API 
calls 25714->25715 25716 41886e 25715->25716 25717 418815 34 API calls 25716->25717 25718 418887 25717->25718 26013 419184 25718->26013 25721 403b2d ctype 34 API calls 25722 4188a4 25721->25722 25723 401cf2 ctype 33 API calls 25722->25723 25724 4188b7 25723->25724 25724->25427 26035 420a03 25725->26035 25728 420c44 12 API calls 25729 401e26 25728->25729 25730 402063 131 API calls 25729->25730 25731 401e3e 25730->25731 25731->25439 25771 420905 GetProcAddress 25770->25771 25772 420938 25770->25772 25773 420915 25771->25773 25774 42092b #17 25771->25774 25772->25391 25775 420931 FreeLibrary 25773->25775 25774->25775 25775->25772 25777 40e56f __EH_prolog 25776->25777 26177 40f6c8 RegOpenKeyExA 25777->26177 25780 4274b7 __vprintf_l 29 API calls 25781 40e596 25780->25781 25782 40e5ab 25781->25782 26182 41be05 25781->26182 26202 41c119 34 API calls __vprintf_l 25782->26202 25785 40e5c0 25786 420a03 4 API calls 25785->25786 25787 40e5dc 25786->25787 26195 41c2ad 31 API calls __vprintf_l 25787->26195 25789 40e5eb 26196 401327 25789->26196 25793 40e614 ctype 25793->25404 25794 40e629 25794->25793 25795 420c44 12 API calls 25794->25795 25796 40e673 25795->25796 26204 41d453 86 API calls 3 library calls 25796->26204 26244 41c33b 25798->26244 25802 41eda1 __EH_prolog 25801->25802 25804 41edba 25802->25804 27476 41e024 30 API calls ctype 25802->27476 25805 41edc8 SysFreeString 25804->25805 25806 426aeb ctype 29 API calls 25804->25806 25805->25360 25807 41edc7 25806->25807 25807->25805 25808->25307 25809->25312 25810->25317 25811->25323 25812->25337 25813->25327 25814->25346 25816 40158b __EH_prolog 25815->25816 25817 4015a8 GetLastError 25816->25817 25818 40297e __vprintf_l SysFreeString 25817->25818 25819 4015ca SetLastError 25818->25819 25819->25310 25820->25318 25821->25335 25822->25351 25823->25363 25824->25346 25825->25313 25827 42101c ctype 25826->25827 25828 421043 lstrcpyA CreateProcessA 25827->25828 25829 4210d2 25828->25829 25830 421074 MsgWaitForMultipleObjects 
25828->25830 25829->25342 25831 4210af GetExitCodeProcess CloseHandle 25830->25831 25833 42108b 25830->25833 25831->25829 25832 42108f PeekMessageA 25832->25831 25832->25833 25833->25830 25833->25831 25833->25832 27477 401e46 LoadIconA LoadCursorA GetStockObject RegisterClassA 25834->27477 25837->25350 25838->25370 25839->25361 25840->25392 25841->25401 25846->25418 25848 408df5 25847->25848 25849 408dea MultiByteToWideChar 25847->25849 25850 41ef4e 25848->25850 25849->25848 25852 41ef58 __EH_prolog 25850->25852 25851 41e0c3 25851->25638 25852->25851 25853 4274b7 __vprintf_l 29 API calls 25852->25853 25854 41ef89 25853->25854 25855 4274b7 __vprintf_l 29 API calls 25854->25855 25856 41efc7 ctype 25855->25856 25856->25851 25858 41b823 SysStringLen SysAllocStringLen SysFreeString __vprintf_l 25856->25858 25858->25856 25860 40f7e0 25859->25860 25863 40f7f4 25860->25863 25864 40f804 25863->25864 25865 40f809 25863->25865 25869 426d22 30 API calls 3 library calls 25864->25869 25867 4290d8 46 API calls 25865->25867 25868 40f7f1 25867->25868 25868->25640 25871 4225db __EH_prolog 25870->25871 25872 402a71 66 API calls 25871->25872 25873 4225f4 25872->25873 25874 401d6c 32 API calls 25873->25874 25875 422601 25874->25875 25876 401cf2 ctype 33 API calls 25875->25876 25877 42260c 25876->25877 25878 404ba1 37 API calls 25877->25878 25879 422618 25878->25879 25880 401cf2 ctype 33 API calls 25879->25880 25881 422620 25880->25881 25882 402838 3 API calls 25881->25882 25890 42264d 25882->25890 25883 403ceb 49 API calls 25883->25890 25884 402a3d 34 API calls 25884->25890 25885 422727 25886 401cf2 ctype 33 API calls 25885->25886 25888 422732 25886->25888 25889 401cf2 ctype 33 API calls 25888->25889 25907 422333 25889->25907 25890->25883 25890->25884 25890->25885 25893 401cf2 ctype 33 API calls 25890->25893 25894 402d6a 31 API calls 25890->25894 25953 422aca 25890->25953 25957 422851 39 API calls 25890->25957 25958 418d2e 32 API calls 2 library calls 25890->25958 25893->25890 25895 
4226eb CreateDirectoryA 25894->25895 25895->25890 25896 4226f6 GetLastError 25895->25896 25896->25890 25897 42274f 25896->25897 25898 403b2d ctype 34 API calls 25897->25898 25899 42276a 25898->25899 25959 42218b 35 API calls 2 library calls 25899->25959 25901 42276f 25902 401cf2 ctype 33 API calls 25901->25902 25903 42277e 25902->25903 25904 401cf2 ctype 33 API calls 25903->25904 25905 422789 25904->25905 25906 401cf2 ctype 33 API calls 25905->25906 25906->25907 25907->25670 25960 4221f3 25908->25960 25912 422060 __EH_prolog 25911->25912 25913 403e43 38 API calls 25912->25913 25914 42207a 25913->25914 25915 401cf2 ctype 33 API calls 25914->25915 25916 422082 25915->25916 25917 402a71 66 API calls 25916->25917 25918 422090 25917->25918 25919 4220b4 25918->25919 25920 404ba1 37 API calls 25918->25920 25921 4220b9 25919->25921 25923 402d6a 31 API calls 25919->25923 25922 4220ac 25920->25922 25924 402838 3 API calls 25921->25924 25925 401cf2 ctype 33 API calls 25922->25925 25923->25921 25926 4220e4 25924->25926 25925->25919 25927 4021e9 32 API calls 25926->25927 25928 4220fa 25927->25928 25929 402d6a 31 API calls 25928->25929 25930 422107 25929->25930 25985 4188ca 25930->25985 25933 402d6a 31 API calls 25934 42212c SearchPathA 25933->25934 25935 401cf2 ctype 33 API calls 25934->25935 25936 42214a 25935->25936 25937 4022fb 48 API calls 25936->25937 25938 422156 25937->25938 25939 401cf2 ctype 33 API calls 25938->25939 25940 422162 25939->25940 25941 401cf2 ctype 33 API calls 25940->25941 25942 42216e 25941->25942 25943 401cf2 ctype 33 API calls 25942->25943 25944 42217a 25943->25944 25944->25687 25945->25687 25946->25687 25947->25687 25948->25687 25950 41881f 25949->25950 25951 403b2d ctype 34 API calls 25950->25951 25952 418839 25951->25952 25952->25698 25954 422ad6 __vprintf_l 25953->25954 25955 40f7f4 47 API calls 25954->25955 25956 422ae8 25955->25956 25956->25890 25957->25890 25958->25890 25959->25901 25961 4221fd __EH_prolog 25960->25961 25962 402838 3 API calls 
25961->25962 25963 422225 UuidToStringA 25962->25963 25964 422242 __vprintf_l 25963->25964 25965 4021e9 32 API calls 25964->25965 25966 422251 25965->25966 25967 402d6a 31 API calls 25966->25967 25968 42225e ctype 25967->25968 25969 4022fb 48 API calls 25968->25969 25970 422278 25969->25970 25977 42287a 25970->25977 25973 403b2d ctype 34 API calls 25974 42229f 25973->25974 25975 401cf2 ctype 33 API calls 25974->25975 25976 4221e9 25975->25976 25976->25687 25978 422884 __EH_prolog 25977->25978 25979 4021e9 32 API calls 25978->25979 25980 422894 25979->25980 25981 402d6a 31 API calls 25980->25981 25982 4228a1 CharUpperA 25981->25982 25983 4022fb 48 API calls 25982->25983 25984 422280 RpcStringFreeA 25983->25984 25984->25973 25986 4188d4 __EH_prolog 25985->25986 25987 403b2d ctype 34 API calls 25986->25987 25988 4188f9 25987->25988 25989 403e43 38 API calls 25988->25989 25990 41891e 25989->25990 25991 401cf2 ctype 33 API calls 25990->25991 25992 418926 25991->25992 25993 403e86 61 API calls 25992->25993 25994 418933 25993->25994 25995 40f7d2 47 API calls 25994->25995 25998 418954 25995->25998 25996 401cf2 ctype 33 API calls 25997 418979 25996->25997 25999 4189a5 25997->25999 26000 402216 66 API calls 25997->26000 25998->25996 26001 4189bf 25999->26001 26004 404ba1 37 API calls 25999->26004 26003 41898c 26000->26003 26002 403b2d ctype 34 API calls 26001->26002 26005 4189d4 26002->26005 26006 401d6c 32 API calls 26003->26006 26007 4189b7 26004->26007 26008 401cf2 ctype 33 API calls 26005->26008 26009 418999 26006->26009 26010 401cf2 ctype 33 API calls 26007->26010 26011 4189e7 26008->26011 26012 401cf2 ctype 33 API calls 26009->26012 26010->26001 26011->25933 26012->25999 26014 41918e __EH_prolog 26013->26014 26016 4191a4 26014->26016 26019 4191af 26014->26019 26031 4191ad 26014->26031 26015 401cf2 ctype 33 API calls 26017 41888f 26015->26017 26018 401d6c 32 API calls 26016->26018 26017->25721 26018->26031 26020 41921b 26019->26020 26023 4191d2 26019->26023 26021 4191e3 

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00413EA8
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004140EC
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                  • Part of subcall function 00409F70: GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: __EH_prolog.LIBCMT ref: 0040A722
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: LoadLibraryA.KERNEL32(00000000,?,00000000,?,00000003,?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?), ref: 0040A753
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: GetLastError.KERNEL32(?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?,00000032), ref: 0040A764
                                                                                                                                                                                                                  • Part of subcall function 0040A8FA: GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 0040A90A
                                                                                                                                                                                                                  • Part of subcall function 0040A8FA: GetLastError.KERNEL32 ref: 0040A914
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414137
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414157
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004141AF
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00414230
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043DAC8), ref: 00414246
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00414301
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041435A
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041438E
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000), ref: 004143E5
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414456
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414471
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041450B
                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00414707
                                                                                                                                                                                                                  • Part of subcall function 00413D18: __EH_prolog.LIBCMT ref: 00413D1D
                                                                                                                                                                                                                  • Part of subcall function 00413D18: GetTempPathA.KERNEL32(00000400,00000000,00000000,00000003), ref: 00413D4F
                                                                                                                                                                                                                  • Part of subcall function 00413D18: FindFirstFileA.KERNEL32(00000000,?,|dC,*.mst,?,00000000,00000000,?,00000001), ref: 00413DD1
                                                                                                                                                                                                                  • Part of subcall function 00413D18: CompareFileTime.KERNEL32(?,?), ref: 00413DEE
                                                                                                                                                                                                                  • Part of subcall function 00413D18: DeleteFileA.KERNEL32(00000000,?,?,?,00000001,00000000,?,00000001), ref: 00413E54
                                                                                                                                                                                                                  • Part of subcall function 00413D18: FindNextFileA.KERNEL32(00000000,?), ref: 00413E6E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wsprintf$ErrorLast$H_prolog$File$Timelstrcatlstrlen$Find$AddressByteCharCompareDeleteFirstFreeLibraryLoadMultiNextPathProcStringSystemTempWide
                                                                                                                                                                                                                • String ID: %s %s$%s /a "%s"%s$%s /f%s "%s" %s$%s /i "%s" %s$%s /j%s "%s" %s$%s /p "%s" %s$%s /x "%s" %s$%s TRANSFORMS="%s"$%s%s%s%s%s%s$%s="%s"$/p"%s" %s$0$D$0$D$4$D$4$D$ActiveMark.dat$ISSCRIPTCMDLINE$TRANSFORMS=$TRANSFORMS="$\$tdC$tdC$|dC$|dC
                                                                                                                                                                                                                • API String ID: 1008137369-1261308446
                                                                                                                                                                                                                • Opcode ID: 9c262b8f7c59074c6a629f34ee9eda31d9b95ba98371923fc9865bf9e6c96085
                                                                                                                                                                                                                • Instruction ID: 14eb990ffad4f9568558a39ce652d059c6757e4c979fc51e2508f71c49f58924
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c262b8f7c59074c6a629f34ee9eda31d9b95ba98371923fc9865bf9e6c96085
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16420471D04218AADF20DBA0CC81BEE7779AB45304F1440BFF50AA71C1DB789B89CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004101C1
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?), ref: 004101D8
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00443D50,?), ref: 004101E2
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(Msi.dll), ref: 00410205
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiQueryProductStateA), ref: 00410224
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                  • Part of subcall function 00409F70: GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • tdC, xrefs: 00410254
                                                                                                                                                                                                                • ProductCode, xrefs: 0041028A
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 00410234
                                                                                                                                                                                                                • Msi.dll, xrefs: 00410200
                                                                                                                                                                                                                • |dC, xrefs: 0041026A
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 004101D3
                                                                                                                                                                                                                • MsiQueryProductStateA, xrefs: 0041021E
                                                                                                                                                                                                                • Startup, xrefs: 0041028F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ErrorLast$lstrcpy$AddressByteCharLibraryLoadMultiProcWidelstrlen
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Msi.dll$MsiQueryProductStateA$ProductCode$Startup$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1129170967-3113224644
                                                                                                                                                                                                                • Opcode ID: 4da015a2dfada147bf9245ae58214c3b552348513d75d08bbd39ad31faa11db1
                                                                                                                                                                                                                • Instruction ID: 58226bd76efee846d6959de343797b5e200357f0817412cffed51d7c1baf02a6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4da015a2dfada147bf9245ae58214c3b552348513d75d08bbd39ad31faa11db1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E641A131D01219EFCF05EFA1C945ADEBBB4AF18704F10805BF81563192DBB89A94CBA9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 1191 415269-4152ae call 420613 1193 4152b3-4152c4 call 420ef7 1191->1193 1196 4154d2 1193->1196 1197 4152ca-4152e9 call 401046 call 41c0fc call 41dbcd 1193->1197 1198 4154d4 1196->1198 1206 415335-415343 call 41dbb0 1197->1206 1207 4152eb-4152ef 1197->1207 1200 4154d5-4154d9 1198->1200 1216 415345 1206->1216 1217 41534a-415355 call 421d59 1206->1217 1209 4152f1-4152f4 1207->1209 1210 4152f6-4152fd call 4252b1 1207->1210 1209->1210 1213 4152ff-415306 call 4252b1 1209->1213 1210->1213 1218 41532e-415333 1210->1218 1221 4154cd-4154d0 1213->1221 1222 41530c-415328 GetVersionExA 1213->1222 1216->1217 1224 41535b-41535d 1217->1224 1225 4153fa-4153fd 1217->1225 1218->1217 1221->1200 1222->1218 1222->1221 1228 4153f3-4153f5 1224->1228 1229 415363-41536a call 42123b 1224->1229 1226 415405-41540e call 41dbcd 1225->1226 1227 4153ff-415403 1225->1227 1231 415410-415419 call 41db77 1226->1231 1238 41541e-41544e call 4025bc 1226->1238 1227->1226 1227->1231 1228->1200 1236 415384-4153b2 GetTempPathA 1229->1236 1237 41536c-41537f call 42045d 1229->1237 1231->1198 1241 4153b4-4153c5 call 414f77 1236->1241 1242 4153c7-4153d7 GetWindowsDirectoryA 1236->1242 1237->1198 1238->1221 1249 415450-415457 1238->1249 1241->1242 1251 4153ec-4153ee 1241->1251 1242->1228 1247 4153d9-4153ea call 414f77 1242->1247 1247->1228 1247->1251 1249->1221 1252 415459-4154ca call 4204d4 wsprintfA call 420305 1249->1252 1251->1200 1252->1221
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00420613: lstrcpyA.KERNEL32(00000001,00442430,?,00000000,00000000), ref: 00420633
                                                                                                                                                                                                                  • Part of subcall function 00420613: lstrcpyA.KERNEL32(00000000,00442430), ref: 00420639
                                                                                                                                                                                                                  • Part of subcall function 00420613: GetFileVersionInfoSizeA.VERSION(00000000,00000000), ref: 00420642
                                                                                                                                                                                                                  • Part of subcall function 00420613: GetFileVersionInfoA.VERSION(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0042066D
                                                                                                                                                                                                                  • Part of subcall function 00420613: VerQueryValueA.VERSION(00000000,0043E0A4,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004206A2
                                                                                                                                                                                                                  • Part of subcall function 00420613: wsprintfA.USER32 ref: 004206CC
                                                                                                                                                                                                                  • Part of subcall function 00420613: VerQueryValueA.VERSION(00000000,\VarFileInfo\Translation,00000000,00000000,0043E0A4,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004206F6
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,00000000,?,00000000), ref: 00420F26
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,?,?,00000000), ref: 00420F32
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?,00000001,00000000,00000000), ref: 0041531D
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,00000000,?,?,00000001,00000000,00000000), ref: 004153AA
                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(00000000,00000400,?,?,00000001,00000000,00000000), ref: 004153CF
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004154B8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$Version$FileInfoQueryValuewsprintf$DirectoryPathSizeTempWindows
                                                                                                                                                                                                                • String ID: Msi.DLL$SupportOS$SupportOSMsi12$SupportOSMsi30$Y
                                                                                                                                                                                                                • API String ID: 3417613323-835925834
                                                                                                                                                                                                                • Opcode ID: 4f8dfe36798ef94ba97aa7ffead675af4eb47f3d8f4aec6fd40e97ad48b4c574
                                                                                                                                                                                                                • Instruction ID: 620f16ec86a7931f0017723438644b6c20194c40a031239036005d52006f1718
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f8dfe36798ef94ba97aa7ffead675af4eb47f3d8f4aec6fd40e97ad48b4c574
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F510671A05659EBEF209B65DC04BEA77B8AB84308F1404BBE605E3181DB7CDEC48B5D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(KERNEL32,0000044F,00000000), ref: 004207FE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 00420816
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 0042082C
                                                                                                                                                                                                                  • Part of subcall function 00420CFA: CharNextA.USER32(00000000,00420D25,74DE83C0,00000000,00000000,0041C213,?,74DE83C0,00000000), ref: 00420D04
                                                                                                                                                                                                                • GetDiskFreeSpaceExA.KERNELBASE(?,00406C10,00000400,00000000,?), ref: 00420861
                                                                                                                                                                                                                  • Part of subcall function 00420AEB: CharNextA.USER32(?,74DE8B60,?,00000000,00420C84,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B00
                                                                                                                                                                                                                  • Part of subcall function 00420AEB: CharPrevA.USER32(?,?,74DE8B60,?,00000000,00420C84,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B09
                                                                                                                                                                                                                  • Part of subcall function 00420AEB: CharNextA.USER32(00000000,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B21
                                                                                                                                                                                                                  • Part of subcall function 00420AEB: CharNextA.USER32(00000000,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B27
                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(?,00000000,?,00000000,00000000), ref: 004208BC
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(0000044F), ref: 004208E0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Char$Next$Free$DiskLibrarySpace$AddressLoadPrevProclstrcpy
                                                                                                                                                                                                                • String ID: GetDiskFreeSpaceExA$KERNEL32
                                                                                                                                                                                                                • API String ID: 711836960-2868000099
                                                                                                                                                                                                                • Opcode ID: 31872fbbc97fb7e305fa4055a83fdcbbd2ab37acb5544c350440022e4b0a1095
                                                                                                                                                                                                                • Instruction ID: 52b30cabf4eab4b8bce74ee59a8e60cce33e4acbec4d49c24e9d528cf066a4aa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31872fbbc97fb7e305fa4055a83fdcbbd2ab37acb5544c350440022e4b0a1095
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A311AB2A0025DABCF10DFA5D8849DFBBFCBB08310F5081A6E555E7252DA34DA44CFA4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000,00000000,?,00000000,?,00403215,000000FF,?,?,00000000,000000FF,?,74DE8B60,?,00000000), ref: 00404016
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000001,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404035
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404038
                                                                                                                                                                                                                • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404056
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404074
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404077
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404083
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00403215,000000FF,?,?,00000000,000000FF,?), ref: 00404086
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FileFree$AllocateReadSize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3605603088-0
                                                                                                                                                                                                                • Opcode ID: 2e3915a82b6920d76a7f0eb4efcae5ee14de5d5b3f378b080e4d2497bb0471ed
                                                                                                                                                                                                                • Instruction ID: 2f92f49b8bd053433d4c4ebd0ebfc2d85ec07220a95d70ff98fc06e2c8e14aa0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e3915a82b6920d76a7f0eb4efcae5ee14de5d5b3f378b080e4d2497bb0471ed
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 151186715042057FEB10ABA5DC4CF6B3B6CDF85724F01816AFA04DB190CA749800CB78
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?), ref: 0041AD43
                                                                                                                                                                                                                • GetSystemInfo.KERNELBASE(?,?,?), ref: 0041AD83
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoSystemVersion
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1934062620-0
                                                                                                                                                                                                                • Opcode ID: 7c068f0f100b94e8adfbe31a446dcd521352a9bc7a9b351846718b74bd46e3ed
                                                                                                                                                                                                                • Instruction ID: 960f14a74b2d4bd285954005ada4d868c4f2650f8c1e33dcadc0e800b090c640
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c068f0f100b94e8adfbe31a446dcd521352a9bc7a9b351846718b74bd46e3ed
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34217FB0D02629DBDF20CF94D845BEEBBB5EB44302F50405BE509A3780D7784A84CB9A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLocaleInfoA.KERNELBASE(?,00001004,0041CA77,00000014,0041CA77,?,?,?,00000000), ref: 004213D2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                                                                                • Opcode ID: f2c5954b0879a35d3449f508275630fa45f583632f663badc58c97b207ffc58c
                                                                                                                                                                                                                • Instruction ID: f1b88fb7da1ad2f9c85fddaedb67e38f8266722f0b4c2387903e5a5c6787fd00
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2c5954b0879a35d3449f508275630fa45f583632f663badc58c97b207ffc58c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCE086313002086AEB01EFA4EC02E9B37AD9B44748F500025FB05E91E1EAB0D94187A4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: acffcc010dddb7a6a31ecdca460e7c07fe15e28c63bb4281974fa0c29f58670d
                                                                                                                                                                                                                • Instruction ID: 5ca9ff18eb06532004dff265180d4021c07b9e00f9ca0b6d1bf0e5e05ac1e64f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: acffcc010dddb7a6a31ecdca460e7c07fe15e28c63bb4281974fa0c29f58670d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4E0863220435157C320DF05DC01E57BBA5AFC1714F08486EF69457252C3A5A815C795
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 0041E07F
                                                                                                                                                                                                                  • Part of subcall function 0041ED52: __EH_prolog.LIBCMT ref: 0041ED57
                                                                                                                                                                                                                  • Part of subcall function 0041EDDD: __EH_prolog.LIBCMT ref: 0041EDE2
                                                                                                                                                                                                                  • Part of subcall function 0041EDDD: SysAllocString.OLEAUT32(?), ref: 0041EEDC
                                                                                                                                                                                                                  • Part of subcall function 0041EDDD: SysStringLen.OLEAUT32(00000000), ref: 0041EEEF
                                                                                                                                                                                                                  • Part of subcall function 0041EDDD: SysFreeString.OLEAUT32(00000000), ref: 0041EEFA
                                                                                                                                                                                                                  • Part of subcall function 0041EDDD: SysFreeString.OLEAUT32(00000000), ref: 0041EF31
                                                                                                                                                                                                                • CoUninitialize.OLE32(?,00000001,?,?,?,00000001), ref: 0041ED43
                                                                                                                                                                                                                  • Part of subcall function 0040A7BD: __EH_prolog.LIBCMT ref: 0040A7C2
                                                                                                                                                                                                                  • Part of subcall function 0040A7BD: GetModuleFileNameA.KERNEL32(00000000,00000400,?,00000400,?,00000000,0043647C,00436474,00000000), ref: 0040A827
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: __EH_prolog.LIBCMT ref: 0040A722
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: LoadLibraryA.KERNEL32(00000000,?,00000000,?,00000003,?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?), ref: 0040A753
                                                                                                                                                                                                                  • Part of subcall function 0040A71D: GetLastError.KERNEL32(?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?,00000032), ref: 0040A764
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                  • Part of subcall function 0040A8FA: GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 0040A90A
                                                                                                                                                                                                                  • Part of subcall function 0040A8FA: GetLastError.KERNEL32 ref: 0040A914
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041E256
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041E2D0
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000001,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001), ref: 0041E332
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000), ref: 0041E33F
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,-00000003,?,00000000), ref: 0041E39E
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,00000104,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade,00000000,00000000,00000001), ref: 0041E49D
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},00000000,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?), ref: 0041E53C
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,00000000), ref: 0041E554
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0041E644
                                                                                                                                                                                                                  • Part of subcall function 004029BB: __EH_prolog.LIBCMT ref: 004029C0
                                                                                                                                                                                                                  • Part of subcall function 004029BB: SetLastError.KERNEL32(?,?,00000000,00000104,?,0041E59F,02151168,?,00000001,?,00000000,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,00000000), ref: 00402A26
                                                                                                                                                                                                                  • Part of subcall function 0041883F: __EH_prolog.LIBCMT ref: 00418844
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0041E727
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0041E821
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0041E964
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0041EA8A
                                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0041EB33
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041EBEE
                                                                                                                                                                                                                • CoUninitialize.OLE32(?,00000001), ref: 0041EC84
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$File$CopyString$Free$lstrcpylstrlenwsprintf$Uninitialize$AddressAllocByteCharInitializeLibraryLoadModuleMultiNamePathProcTempWide
                                                                                                                                                                                                                • String ID: %s %s$%s /q"%s" /tempdisk1folder"%s" %s$%s%s$%s\%04x.mst$%s\0x%04x.ini$4$D$4$D$4$D$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$ISSetup.dll$ISSetup.dll$Languages$Skin$Startup$count$key%d$reboot$removeasmajorupgrade$runfromtemp$setup.isn$tdC$tempdisk1folder$|dC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004134C9
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000000,00000001), ref: 0041361C
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000000,00000000), ref: 00413676
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(Msi.dll,000000AC,00000000,?,00000000,00000000), ref: 00413790
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetProductInfoA), ref: 004137B6
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiSourceListEnumSourcesA), ref: 004137C1
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(-0000003B,?), ref: 0041380A
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00442430,?,?,?,00000000), ref: 004138DE
                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,?,?,?,?,00000000,00000000,00000001), ref: 00413A34
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressLibraryMessageProcSend$FreeH_prologLoadlstrcmpilstrcpy
                                                                                                                                                                                                                • String ID: ISSCHEDULEREBOOT=1$2$ISSCHEDULEREBOOT=1$InstallSource$Msi.dll$MsiGetProductInfoA$MsiSourceListEnumSourcesA$PackageCode$PackageName$Y$instmsi30.exe$tdC$|dC$|dC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 837 40ee2b-40ee4b call 40f736 840 40ee6c-40ee84 call 428730 837->840 841 40ee4d-40ee5e RegDeleteValueA 837->841 845 40ef82-40ef88 840->845 846 40ee8a-40eea2 CharNextA lstrcmpA 840->846 841->840 843 40ee60-40ee69 RegCloseKey 841->843 843->840 847 40ef8d-40ef97 call 41d453 845->847 848 40eea4-40eeb6 lstrcpyA 846->848 849 40eebb-40eed4 call 40f736 846->849 855 40efa8-40efab 847->855 856 40ef99-40efa6 lstrcpyA 847->856 851 40ef4e-40ef53 848->851 857 40ef55-40ef61 call 40f36b 849->857 858 40eed6-40ef1f RegQueryValueExA RegDeleteValueA 849->858 851->847 859 40eff6-40f00e call 401cf2 855->859 860 40efad-40efb9 RegCloseKey 855->860 856->855 867 40ef63-40ef6c RegCloseKey 857->867 868 40ef6f-40ef7d call 401cf2 857->868 861 40ef21-40ef2a RegCloseKey 858->861 862 40ef2d-40ef4d lstrcpyA 858->862 872 40f010-40f01e 859->872 860->859 861->862 862->851 867->868 868->872
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegOpenKeyExA.KERNELBASE(00000104,00000000,00000000,00000104,0041DD97,00000000,00000000,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104), ref: 0040F750
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegCloseKey.ADVAPI32(?,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?,00000104,00000000,00000104), ref: 0040F761
                                                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(?,ISSetup,80000002,Software\Microsoft\Windows\CurrentVersion\Run,000F003F), ref: 0040EE55
                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 0040EE63
                                                                                                                                                                                                                • CharNextA.USER32 ref: 0040EE8B
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,%IS_V%), ref: 0040EE9A
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 0040EEB1
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(000F003F,?,?,80000002,?,?,80000002), ref: 0040EF0A
                                                                                                                                                                                                                • RegDeleteValueA.ADVAPI32(000F003F,?,?,80000002,?,?,80000002), ref: 0040EF16
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(000F003F,?,80000002,?,?,80000002), ref: 0040EF24
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,80000002,?,?,80000002), ref: 0040EF3D
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(000F003F,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F), ref: 0040EF66
                                                                                                                                                                                                                • lstrcpyA.KERNEL32( /qn SIMHP=0 SIMSP=0 ,?,/verbose,?,00000001), ref: 0040EFA6
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,/verbose,?,00000001), ref: 0040EFB0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$Valuelstrcpy$Delete$CharNextOpenQuerylstrcmp
                                                                                                                                                                                                                • String ID: /qn SIMHP=0 SIMSP=0 $%IS_V%$/verbose$ISSetup$Software\Microsoft\Windows\CurrentVersion$Software\Microsoft\Windows\CurrentVersion\Run$verbose
                                                                                                                                                                                                                • API String ID: 153511641-3338454517
                                                                                                                                                                                                                • Opcode ID: 8ab0b062d7573d7041c14d37fee9c495ada2a87ca4eeb5cac56eab8ab603bb78
                                                                                                                                                                                                                • Instruction ID: 7c1460d64c7c90556ad5fdd5cef9ff5d1eca526f62588a36a76764264be20143
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ab0b062d7573d7041c14d37fee9c495ada2a87ca4eeb5cac56eab8ab603bb78
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2418971D0120AFBDB20DF91DD46AEEBB75AF04345F20403AF605B61E0CB789A55CB6A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 873 420613-42064b lstrcpyA * 2 GetFileVersionInfoSizeA 874 420651-420674 call 427a79 call 427d00 GetFileVersionInfoA 873->874 875 42079b-42079f 873->875 880 420792-42079a call 427990 874->880 881 42067a-4206a9 call 427d00 VerQueryValueA 874->881 880->875 886 4206d5-4206fd call 427d00 VerQueryValueA 881->886 887 4206ab-4206d2 wsprintfA 881->887 886->880 890 420703-42072a 886->890 887->886 890->880 891 42072c-420732 890->891 892 420734 891->892 893 420738-420750 call 427df0 891->893 892->893 896 420752-420767 wsprintfA 893->896 897 420769-42077e wsprintfA 893->897 898 420781-420790 lstrcpyA 896->898 897->898 898->880 898->891
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000001,00442430,?,00000000,00000000), ref: 00420633
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00442430), ref: 00420639
                                                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,00000000), ref: 00420642
                                                                                                                                                                                                                • GetFileVersionInfoA.VERSION(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0042066D
                                                                                                                                                                                                                • VerQueryValueA.VERSION(00000000,0043E0A4,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004206A2
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004206CC
                                                                                                                                                                                                                • VerQueryValueA.VERSION(00000000,\VarFileInfo\Translation,00000000,00000000,0043E0A4,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004206F6
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0042075E
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00420778
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000), ref: 0042078B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpywsprintf$FileInfoQueryValueVersion$Size
                                                                                                                                                                                                                • String ID: %s,%u$%u.%u.%u.%u$0$D$\VarFileInfo\Translation
                                                                                                                                                                                                                • API String ID: 2127022127-836452801
                                                                                                                                                                                                                • Opcode ID: 3adaa8116db20be78a4ffcec8ec3e71b4d1ef6afe1f48ab559bd80b81f8049e9
                                                                                                                                                                                                                • Instruction ID: 94fcdf8dca9add85b7a03ca45f9deaa0ff7edd8f986de909ace34ec0d9cabf23
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3adaa8116db20be78a4ffcec8ec3e71b4d1ef6afe1f48ab559bd80b81f8049e9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC41D4B2900228BBDF119F55DC45EEF7BBCEF84314F404066FD18A6192D7759A11CB98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 899 4156e4-41572c call 427498 call 401046 904 415741-415781 call 407585 call 4025bc 899->904 905 41572e-41573f call 426fd0 899->905 910 415786-41578d 904->910 905->910 912 415793-415794 910->912 913 415c34-415c4e call 420c44 910->913 915 415c16-415c26 call 415d4d 912->915 916 41579a-41579b 912->916 922 415c54-415c56 913->922 923 4157bb-4157c5 call 420de9 913->923 926 415c2b-415c2d 915->926 918 4157a1-4157a2 916->918 919 415847-4158f1 call 403bc0 call 4014ff * 2 call 415c68 call 418b8b call 415d09 call 428980 916->919 924 4157a4-4157a5 918->924 925 4157ec-4157f9 call 415692 918->925 960 4158f7-4158fa 919->960 961 415bca-415bdf call 415e95 919->961 929 415c57-415c65 922->929 923->922 938 4157cb-4157d8 923->938 924->922 931 4157ab-4157b6 call 420c44 924->931 940 415832-415842 lstrcpyA 925->940 941 4157fb-415816 call 415db0 925->941 926->922 927 415c2f 926->927 934 4157e5-4157e7 927->934 931->923 934->929 938->934 942 4157da-4157e4 call 42045d 938->942 940->922 941->934 950 415818-41582d call 41d453 941->950 942->934 950->922 962 4158ff-4159a4 call 401581 call 41865e call 401581 call 409f43 call 4016f0 * 2 call 421b63 call 409f70 960->962 967 415be1-415bed call 418b58 961->967 968 415bf2-415c14 call 402d6a call 426fd0 call 418b58 961->968 991 4159aa-415a67 call 4016f0 call 420a75 call 403bc0 call 4014ff call 40aeca call 415c68 call 418b8b call 415d09 call 40191f * 2 962->991 992 415a6c-415af9 call 40191f * 2 call 401581 call 409f43 call 4016f0 call 421b63 call 409f70 962->992 967->934 968->922 991->962 1022 415b00-415b18 call 428e3c 992->1022 1023 415afb 992->1023 1029 415b42 1022->1029 1030 415b1a-415b40 call 428e3c call 429570 1022->1030 1023->1022 1033 415b45-415b57 call 4207e4 1029->1033 1030->1033 1039 415b59-415b78 call 429326 1033->1039 
1040 415bbc-415bc5 call 40191f 1033->1040 1039->1040 1045 415b7a 1039->1045 1040->961 1046 415b83-415bba call 429540 call 42045d call 40191f 1045->1046 1047 415b7c-415b81 1045->1047 1046->967 1047->1040 1047->1046
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004156E9
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,?,?,00000400,?,00000000,?,00000104,isnetfx.exe,dotnetfx.exe,00000000), ref: 0041583C
                                                                                                                                                                                                                  • Part of subcall function 00415DB0: __EH_prolog.LIBCMT ref: 00415DB5
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: __EH_prolog.LIBCMT ref: 00403BC5
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: GetLastError.KERNEL32(004364B4,00000001,004364BC,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403BEE
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: SetLastError.KERNEL32(?,00000000,00000000,00000000,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403C43
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 00415C68: __EH_prolog.LIBCMT ref: 00415C6D
                                                                                                                                                                                                                  • Part of subcall function 00415D09: __EH_prolog.LIBCMT ref: 00415D0E
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                  • Part of subcall function 00421B63: __EH_prolog.LIBCMT ref: 00421B68
                                                                                                                                                                                                                  • Part of subcall function 00421B63: GetModuleFileNameA.KERNEL32(?,00000104,74DE8B60,00000104,00000000), ref: 00421BA1
                                                                                                                                                                                                                  • Part of subcall function 00421B63: GetTempPathA.KERNEL32(00000104,?), ref: 00421C0C
                                                                                                                                                                                                                  • Part of subcall function 00421B63: GetTempFileNameA.KERNELBASE(?,0043EAA0,00000000,?), ref: 00421C26
                                                                                                                                                                                                                  • Part of subcall function 00421B63: DeleteFileA.KERNELBASE(?,?,?,00442430,00000000,00429A4C,?,?,?,?,?,?), ref: 00421CE0
                                                                                                                                                                                                                  • Part of subcall function 00409F70: __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                  • Part of subcall function 00409F70: GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast$File$NameTemplstrlen$ByteCharDeleteFreeModuleMultiPathStringWidelstrcatlstrcpylstrcpyn
                                                                                                                                                                                                                • String ID: /URL$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$Cab%d$CabsSize$dotnetfx.exe$isnetfx.exe$tdC$|dC$|dC$|dC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                [Graph not reproduced: control_flow_graph 1099, starting at block 415010; legend: Executed / Not Executed]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00415015
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegOpenKeyExA.KERNELBASE(00000104,00000000,00000000,00000104,0041DD97,00000000,00000000,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104), ref: 0040F750
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegCloseKey.ADVAPI32(?,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?,00000104,00000000,00000104), ref: 0040F761
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000003,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries,000F003F,00000000,00000003,00000000), ref: 00415056
                                                                                                                                                                                                                • RegEnumValueA.ADVAPI32(00000003,00000000,?,?,00000000,?,00000000,00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries,000F003F,00000000,00000003,00000000), ref: 0041509D
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnceEx,000F003F,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,000F003F), ref: 00415123
                                                                                                                                                                                                                • RegEnumValueA.ADVAPI32(00000003,00000001,?,00000208,00000000,?,00000000,00000000,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnceEx,000F003F,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,000F003F), ref: 00415141
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000003), ref: 00415157
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,?,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnceEx,000F003F,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,000F003F), ref: 00415174
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000003,00000000,?,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnceEx,000F003F,80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,000F003F), ref: 00415181
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 004150B9
                                                                                                                                                                                                                • SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 00415035
                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnceEx, xrefs: 004150EF
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$EnumValue$H_prologOpen
                                                                                                                                                                                                                • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$Software\Microsoft\Windows\CurrentVersion\RunOnce$Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                [Graph not reproduced: control_flow_graph 1131, starting at block 409845; legend: Executed / Not Executed]
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(CABINET,00409914,?,00000000), ref: 0040984A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FDICreate), ref: 0040986A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(FDIIsCabinet), ref: 0040987C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(FDICopy), ref: 0040988E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(FDIDestroy), ref: 004098A0
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004098D1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                • String ID: CABINET$FDICopy$FDICreate$FDIDestroy$FDIIsCabinet
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041FB9E
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FBD6
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FBE0
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,?,00000000,00000000,?,80000000,00000003,00000000,00000003), ref: 0041FC22
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FC2C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FC3E
                                                                                                                                                                                                                • ReadFile.KERNELBASE(?,?,?,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FCBB
                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FCEA
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FD41
                                                                                                                                                                                                                • FlushFileBuffers.KERNEL32(?,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FD46
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0041FD4F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Close$CreateErrorHandleLast$BuffersChangeFindFlushH_prologNotificationReadWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2919287784-0
                                                                                                                                                                                                                • Opcode ID: 30ca96eee21139d7ad21377cce83b0e9a36b00abbccaecfc36e14fb73ffbf01c
                                                                                                                                                                                                                • Instruction ID: 5b9670617b21e1789a64c02569fbcaa0ae4ae9afc4ba2a5826f07d6c83ba0603
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30ca96eee21139d7ad21377cce83b0e9a36b00abbccaecfc36e14fb73ffbf01c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B615C72D00109AFDF11DFA4D881AEEBBB5FF08314F14802AE501B6291D73A5D96DB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041CEC3
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: __EH_prolog.LIBCMT ref: 0041D1E5
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: LoadCursorA.USER32(00000000,00007F02), ref: 0041D21C
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: SetCursor.USER32(00000000), ref: 0041D229
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: wsprintfA.USER32 ref: 0041D2B9
                                                                                                                                                                                                                  • Part of subcall function 0041C1FE: lstrcpyA.KERNEL32(00002F19,?,?,74DE83C0,00000000), ref: 0041C229
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 00407585: __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 00407585: lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041CF86
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041CFC3
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: SetCursor.USER32(?,?,?,00000000), ref: 0041D318
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$Cursorwsprintf$Loadlstrcatlstrcmplstrcpylstrcpynlstrlen
                                                                                                                                                                                                                • String ID: %#04x.ini$%s%d$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$Languages$count$key
                                                                                                                                                                                                                • API String ID: 3994470762-2527180459
                                                                                                                                                                                                                • Opcode ID: 69e9fa996e3c19e6407638601b068ec51ea12f6acd5157651f22d0d6bc839fe2
                                                                                                                                                                                                                • Instruction ID: dbfa792d46e93ff5ee3b1a6e7b1e3b867a3a268b090465e108d7f33f5aca4491
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69e9fa996e3c19e6407638601b068ec51ea12f6acd5157651f22d0d6bc839fe2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 714152B1D40219BADB10EBA5DC82FEEBB79EF08308F10046BF505B61C1DB785B85CA58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041C966
                                                                                                                                                                                                                  • Part of subcall function 0041C446: LoadLibraryA.KERNEL32(msi.dll,?,?,00000000), ref: 0041C479
                                                                                                                                                                                                                  • Part of subcall function 0041C446: GetProcAddress.KERNEL32(00000000,MsiGetProductInfoA), ref: 0041C488
                                                                                                                                                                                                                  • Part of subcall function 0041C446: FreeLibrary.KERNEL32(?,?,00000000), ref: 0041C60E
                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(?,?,00000000), ref: 0041CA7C
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,000003E8,00000000,?,?,00000000), ref: 0041CC68
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000002,?,000003E8,00000000,?,?,00000000), ref: 0041CC8C
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041CCDE
                                                                                                                                                                                                                  • Part of subcall function 0041D6F3: wsprintfA.USER32 ref: 0041D750
                                                                                                                                                                                                                  • Part of subcall function 0041D6F3: CharNextA.USER32(?), ref: 0041D763
                                                                                                                                                                                                                  • Part of subcall function 0041D6F3: CharNextA.USER32(00000000), ref: 0041D766
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: __EH_prolog.LIBCMT ref: 0041D1E5
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: LoadCursorA.USER32(00000000,00007F02), ref: 0041D21C
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: SetCursor.USER32(00000000), ref: 0041D229
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: wsprintfA.USER32 ref: 0041D2B9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 0041CA23
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0041CB3A
                                                                                                                                                                                                                • /LangTransform, xrefs: 0041CB57, 0041CB8F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wsprintf$CharCursorH_prologLibraryLoadNextlstrlen$AddressCodeFreePageProcValid
                                                                                                                                                                                                                • String ID: /LangTransform$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 1372367309-2161585720
                                                                                                                                                                                                                • Opcode ID: a5aed610fef04e5e4791d0b18418ce05c3c5b0f255704df3409c9fc1bb6720f5
                                                                                                                                                                                                                • Instruction ID: 0e7f2b20ff60cfe418df481f2f273fdbb101509d26e0a3147f59ba7c13d21b19
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5aed610fef04e5e4791d0b18418ce05c3c5b0f255704df3409c9fc1bb6720f5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33A1D6B1A44219AADF20EB71EC81BEF77ACEF44344F10446FF615D2181EB389A858B5C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402E06
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000080,00000000,74DE8B60,?,00000000), ref: 00402E35
                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,004364E4,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,00000000,00000000,],00000000,00000000,?), ref: 00402FB0
                                                                                                                                                                                                                  • Part of subcall function 00406510: __EH_prolog.LIBCMT ref: 00406515
                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,004364E4,00000000,?,00000000,00000001,00000001,00000001,00000001,00000001,00000000,00000000), ref: 004030F8
                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,004364E4,00000000,?,00000000,0043D138,00000000,?), ref: 00403152
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(000000FF,00000001,?,00000000,?,00000000), ref: 004031A6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Write$H_prolog$ChangeCloseCreateFindNotification
                                                                                                                                                                                                                • String ID: ]$dC
                                                                                                                                                                                                                • API String ID: 2749126053-168518200
                                                                                                                                                                                                                • Opcode ID: 0ec9212995f985392dcb655a1eb67b03f449707724f1a654a50840c1cd003eb5
                                                                                                                                                                                                                • Instruction ID: e2038fc4c5936c7de2bbd0d9e3655459ba8081b643560a11a4cae73694e52818
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ec9212995f985392dcb655a1eb67b03f449707724f1a654a50840c1cd003eb5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DC15974D00259AEDF05EBA5CC85AEEBB78BF14308F1040AEF511B72C2DB785A44CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00429A4C,?,?,00000001,00000001,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000001,00000000), ref: 004027FA
                                                                                                                                                                                                                  • Part of subcall function 00403843: __EH_prolog.LIBCMT ref: 00403848
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00429A4C,00000000,?,00000001,00000000,?,?,00000000,00000000,?,00000104,00000000), ref: 0040281A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrcpyn
                                                                                                                                                                                                                • String ID: 0$D$dC$dC$dC$dC
                                                                                                                                                                                                                • API String ID: 588646068-44948036
                                                                                                                                                                                                                • Opcode ID: 1061769552f674a4e7e065192ac03a005c3b1d25edd5b8d745cb6ec46cde2e13
                                                                                                                                                                                                                • Instruction ID: 8dff8b1d25f6a5f814979d9962ba0c22f5f97c92322531c46a1203b7ca201555
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1061769552f674a4e7e065192ac03a005c3b1d25edd5b8d745cb6ec46cde2e13
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C819A76800259EACF12EF99D9859EEBBB8AF15304F00807FF501732D2D7789A45CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(00000000,_is,00000000,00000000,?,00000104,?,00000000), ref: 00422431
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,00000104,00442434,00000104,00000000), ref: 0042230B
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004222C8
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 00422452
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileH_prologLastTemp$ByteCharDeleteMultiNamePathWidelstrlen
                                                                                                                                                                                                                • String ID: .tmp$_is$|dC
                                                                                                                                                                                                                • API String ID: 2761551898-3041101126
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00421B68
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,74DE8B60,00000104,00000000), ref: 00421BA1
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: __EH_prolog.LIBCMT ref: 0041F8F8
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: lstrcpyA.KERNEL32(00000001,?,?,00000104,?,?,00421BB9,?), ref: 0041F93F
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00421BB9,?), ref: 0041F965
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: GetLastError.KERNEL32(?,?,00421BB9,?), ref: 0041F976
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 00421C0C
                                                                                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,0043EAA0,00000000,?), ref: 00421C26
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI), ref: 00421C62
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,?,00442430,00000000,00429A4C,?,?,?,?,?,?), ref: 00421CE0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$H_prologNameTemplstrcpy$CreateDeleteErrorLastModulePath
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI
                                                                                                                                                                                                                • API String ID: 2290668817-1030839668
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041D1E5
                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 0041D21C
                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 0041D229
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041D2B9
                                                                                                                                                                                                                • SetCursor.USER32(?,?,?,00000000), ref: 0041D318
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %s: %s, xrefs: 0041D2B3
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0041D23D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Cursor$H_prologLoadwsprintf
                                                                                                                                                                                                                • String ID: %s: %s$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 778846815-3035542176
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00410ED5: __EH_prolog.LIBCMT ref: 00410EDA
                                                                                                                                                                                                                  • Part of subcall function 00410E40: __EH_prolog.LIBCMT ref: 00410E45
                                                                                                                                                                                                                  • Part of subcall function 00410347: GetSystemDefaultLCID.KERNEL32(00410509,?,?,?,00000000,?,?,?), ref: 00410347
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000001,?,?,?,00000000,?,?,?), ref: 0041052F
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00410536
                                                                                                                                                                                                                  • Part of subcall function 00410F5E: __EH_prolog.LIBCMT ref: 00410F63
                                                                                                                                                                                                                  • Part of subcall function 00410F5E: wsprintfA.USER32 ref: 00410F92
                                                                                                                                                                                                                • GlobalHandle.KERNEL32 ref: 00410582
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00410585
                                                                                                                                                                                                                • GlobalHandle.KERNEL32 ref: 00410591
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00410594
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Global$H_prolog$Handle$AllocDefaultFreeLockSystemUnlockwsprintf
                                                                                                                                                                                                                • String ID: xGD
                                                                                                                                                                                                                • API String ID: 1414631992-1797962929
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(COMCTL32,00000000,?,?,?,0041ECDD,?,00000001), ref: 004208F9
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0042090B
                                                                                                                                                                                                                • #17.COMCTL32(?,?,?,0041ECDD,?,00000001), ref: 0042092B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,0041ECDD,?,00000001), ref: 00420932
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                • String ID: $COMCTL32$InitCommonControlsEx
                                                                                                                                                                                                                • API String ID: 145871493-1772614818
                                                                                                                                                                                                                • Opcode ID: ae5d696aa5291a69a6b8d90b5c1e697f5203b6a018d967d79f153a751000f855
                                                                                                                                                                                                                • Instruction ID: e7b6636786a91027ce4e6c037a9c0f60b7dc8a49e753a6a24cac30e6a9550691
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae5d696aa5291a69a6b8d90b5c1e697f5203b6a018d967d79f153a751000f855
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1E09B70501222BBDB106B51EC0DA9F7EE8EF09741F515115F44391193DB789544CDBD
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadIconA.USER32(0040F6A2,?), ref: 00401E74
                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 00401E83
                                                                                                                                                                                                                • GetStockObject.GDI32(00000004), ref: 00401E8E
                                                                                                                                                                                                                • RegisterClassA.USER32(00000003), ref: 00401EA6
                                                                                                                                                                                                                • CreateWindowExA.USER32(00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000,0040F6A2,?), ref: 00401ECB
                                                                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00401EE6
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00401EF0
                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 00401EFA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Load$ClassCreateCursorDispatchIconObjectRegisterStockTranslateWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1812404604-0
                                                                                                                                                                                                                • Opcode ID: 4b45a1a340826c8a160264e5a1cb32051e6a7ec7cbd69cbd6848ffc40038e732
                                                                                                                                                                                                                • Instruction ID: 25c93cfba722d033c973ad52396ca6241f7530a06ad33cdcab3fa6cd77c026a7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b45a1a340826c8a160264e5a1cb32051e6a7ec7cbd69cbd6848ffc40038e732
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B521E9B2D0121ABBCB109FA5EC48ADFBBBCEF59764B119026F605E2150D7749501CBAC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000001,80000000,?,0000000C,00000001,00000080,00000000,74DE8B61,00000000,00000000), ref: 00431107
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00431113
                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 00431128
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00431133
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CloseCreateErrorHandleLastType
                                                                                                                                                                                                                • String ID: @$H
                                                                                                                                                                                                                • API String ID: 1809617866-104103126
                                                                                                                                                                                                                • Opcode ID: be4818f9846bacc2bf249a641e90ed0529d707798336d4f84e42b3a0d9e3f1fa
                                                                                                                                                                                                                • Instruction ID: 0144dc0da9b958c1641af19e5a9d54ed90ea732434333996b0068ac0ef2a563d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: be4818f9846bacc2bf249a641e90ed0529d707798336d4f84e42b3a0d9e3f1fa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56814A319042855BEF348BA8C8547EF7B709F0D328F24625BE961A63E1C7BD4985C74E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041C744
                                                                                                                                                                                                                  • Part of subcall function 0041AD16: GetVersionExA.KERNEL32(?,?,?), ref: 0041AD43
                                                                                                                                                                                                                  • Part of subcall function 0041AD16: GetSystemInfo.KERNELBASE(?,?,?), ref: 0041AD83
                                                                                                                                                                                                                  • Part of subcall function 00406B7B: __EH_prolog.LIBCMT ref: 00406B80
                                                                                                                                                                                                                  • Part of subcall function 00407585: __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 00407585: lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,00000000), ref: 0041C86E
                                                                                                                                                                                                                  • Part of subcall function 004101BC: __EH_prolog.LIBCMT ref: 004101C1
                                                                                                                                                                                                                  • Part of subcall function 004101BC: lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?), ref: 004101D8
                                                                                                                                                                                                                  • Part of subcall function 004101BC: lstrcpyA.KERNEL32(00443D50,?), ref: 004101E2
                                                                                                                                                                                                                  • Part of subcall function 004101BC: LoadLibraryA.KERNEL32(Msi.dll), ref: 00410205
                                                                                                                                                                                                                  • Part of subcall function 004101BC: GetProcAddress.KERNEL32(00000000,MsiQueryProductStateA), ref: 00410224
                                                                                                                                                                                                                  • Part of subcall function 0041AF1A: wsprintfA.USER32 ref: 0041AF38
                                                                                                                                                                                                                  • Part of subcall function 0041AF1A: lstrcmpA.KERNEL32(?,?), ref: 0041AF49
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcmplstrcpy$AddressInfoLibraryLoadProcSystemVersionlstrlenwsprintf
                                                                                                                                                                                                                • String ID: KEY$PASSWORD$Source$Startup
                                                                                                                                                                                                                • API String ID: 1527751837-3958804870
                                                                                                                                                                                                                • Opcode ID: a55e46046bdfb699b42df412dd0336252b0bbde1670bc1a895f7b8469485a149
                                                                                                                                                                                                                • Instruction ID: a415b2e3d9d6c2f6cd518e494f0729b9aac58e0a01f702ae4f1f1f1dce09522a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a55e46046bdfb699b42df412dd0336252b0bbde1670bc1a895f7b8469485a149
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B051C5B0941344EADB20EB71CDC2BEEB7B49F15314F10406FE256621D2DB782A99CB6D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0041FFB3
                                                                                                                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,00000000), ref: 0041FFCD
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,00000000,74DF34C0,?,00000000), ref: 00420064
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,00000000), ref: 0042006F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$View$ChangeCloseCreateFindMappingNotificationUnmap
                                                                                                                                                                                                                • String ID: .debug$.rdata
                                                                                                                                                                                                                • API String ID: 3767000111-4039274918
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000001,Software\InstallShield\ISWI\7.0\SetupExeLog,00000000,00000001,00000000,?,?,?,0040E584,00000000,00000000), ref: 0040F6DF
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,SetupLogFileName,00000000,00000000, /qn SIMHP=0 SIMSP=0 ,00000000,?,?,?,0040E584), ref: 0040F705
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,0040E584), ref: 0040F719
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • SetupLogFileName, xrefs: 0040F6FD
                                                                                                                                                                                                                • /qn SIMHP=0 SIMSP=0 , xrefs: 0040F6F4
                                                                                                                                                                                                                • Software\InstallShield\ISWI\7.0\SetupExeLog, xrefs: 0040F6D5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                • String ID: /qn SIMHP=0 SIMSP=0 $SetupLogFileName$Software\InstallShield\ISWI\7.0\SetupExeLog
                                                                                                                                                                                                                • API String ID: 3677997916-1193828301
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000001,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000), ref: 0041FED6
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0041FEE3
                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,?,00000040,?,00000000,?,00000000), ref: 0041FF03
                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,?,00000018,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0041FF26
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,00000028,?,00000000,00000000,?,00000000,00000001,?,00000000), ref: 0041FF5C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000001,?,00000000), ref: 0041FF8D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Read$CloseCreateErrorHandleLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2896028077-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,000000FF), ref: 0042104D
                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 0042106A
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00421081
                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00421097
                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE(?,00000001), ref: 004210B6
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,000000FF), ref: 004210C7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CloseCodeCreateExitHandleMessageMultipleObjectsPeekWaitlstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 324600049-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041F8F8
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000001,?,?,00000104,?,?,00421BB9,?), ref: 0041F93F
                                                                                                                                                                                                                  • Part of subcall function 0041FEAC: CreateFileA.KERNELBASE(00000001,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000), ref: 0041FED6
                                                                                                                                                                                                                  • Part of subcall function 0041FEAC: GetLastError.KERNEL32(?,00000000), ref: 0041FEE3
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00421BB9,?), ref: 0041F965
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00421BB9,?), ref: 0041F976
                                                                                                                                                                                                                • ReadFile.KERNELBASE(?,004364BC,0000002E,00000000,00000000,?,?,00000000,00000000,?,?,00421BB9,?), ref: 0041F9D6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CreateErrorLast$H_prologReadlstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4136833577-0
                                                                                                                                                                                                                • Opcode ID: a6d87eeaf4506dc50ad78a2cfb4dfea8d531212b8077b885fc0bce7e2f0c90fe
                                                                                                                                                                                                                • Instruction ID: fd4749d7c02e4a30908832120bb4ab8b7105f271f2f7e71e18ecca959968e374
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6d87eeaf4506dc50ad78a2cfb4dfea8d531212b8077b885fc0bce7e2f0c90fe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D231A170600744AEC7219F25D805BDBBAE8EF94700F00852FF99A92291C7B89985CB64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DefWindowProcA.USER32(?,?,?,?), ref: 00401F32
                                                                                                                                                                                                                • PostMessageA.USER32(?,00000002,00000000,00000000), ref: 00401F65
                                                                                                                                                                                                                • KillTimer.USER32(?,000005DC), ref: 00401F7C
                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00401F84
                                                                                                                                                                                                                • SetTimer.USER32(?,000005DC,000003E8,00000000), ref: 00401FA5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessagePostTimer$KillProcQuitWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 707289242-0
                                                                                                                                                                                                                • Opcode ID: 7cdc30b1d889f0f5f9c58d4b10e16d4ab04c1d32c1917dd8dd486fde117d0a18
                                                                                                                                                                                                                • Instruction ID: 6c29bbbabaf7df6c4fe3fe7762a70853ec3ad68589ee213309b5fedc805840f3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7cdc30b1d889f0f5f9c58d4b10e16d4ab04c1d32c1917dd8dd486fde117d0a18
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB11253464420AFFDB109F60ED49B5A3B70EB14712F808032FA05AA2F1CBB99861DF1D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004225D6
                                                                                                                                                                                                                  • Part of subcall function 00402A71: __EH_prolog.LIBCMT ref: 00402A76
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                  • Part of subcall function 00402838: __EH_prolog.LIBCMT ref: 0040283D
                                                                                                                                                                                                                  • Part of subcall function 00402838: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000), ref: 00402866
                                                                                                                                                                                                                  • Part of subcall function 00402838: SetLastError.KERNEL32(?,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,00000000,?,00000000,0043DF90,?,00000000,00000001,?,00000000,00000001,?,00000000,?,00000000,?), ref: 004226EC
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004226F6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$CreateDirectoryFreeString
                                                                                                                                                                                                                • String ID: \
                                                                                                                                                                                                                • API String ID: 2554313312-2967466578
                                                                                                                                                                                                                • Opcode ID: 7e1c5595750a28a712c47e280ad4efadc4dbc49538d62b38b6cd69d877d996fb
                                                                                                                                                                                                                • Instruction ID: d485dd608b56c80c984296212773c132c9594d07c51ed861b2ff1dd6c8db9454
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e1c5595750a28a712c47e280ad4efadc4dbc49538d62b38b6cd69d877d996fb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8951B471D05219EADF10EFA4C9859EE7B78AF11308F10412FE816772D2DB789B09CB59
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000100,00000000,00000000), ref: 0042D433
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0042D43D
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000001,00000000,00000000), ref: 0042D503
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0042D50D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1948546556-0
                                                                                                                                                                                                                • Opcode ID: 799493770de8340921651b0047e1a4e61d7f5f04ed652fe5703e540b5390cdac
                                                                                                                                                                                                                • Instruction ID: 7981ace893b7f94823c480724b864cb9fedd9fead8594b11d5d11a185c4c065f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 799493770de8340921651b0047e1a4e61d7f5f04ed652fe5703e540b5390cdac
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6851D770F043A5AFDF21CF58E88079A7BB0AF12308F94459BE8518B251C3B8D985CB5A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 00429992
                                                                                                                                                                                                                  • Part of subcall function 0042B8DF: HeapCreate.KERNELBASE(00000000,00001000,00000000,004299CA,00000001), ref: 0042B8F0
                                                                                                                                                                                                                  • Part of subcall function 0042B8DF: HeapDestroy.KERNEL32 ref: 0042B92F
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 004299F2
                                                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 00429A1D
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00429A40
                                                                                                                                                                                                                  • Part of subcall function 00429A99: ExitProcess.KERNEL32 ref: 00429AB6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2057626494-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000001,0000044F,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D1E
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D2D
                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000044F,00000000,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D45
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(0000044F,00442430,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D62
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DirectoryErrorModePathTempWindowslstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3576100887-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00420DE9: GetFileAttributesA.KERNELBASE(00000000,0041DDB5,00000000,00000000,?,?,?,00000000,00000000,?,?,00000001,00000000,?,00000001,Startup), ref: 00420DED
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001,00000000,00416396,00000000,00416396,?,00416396,00000000), ref: 00420E8A
                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(00416396,00000080,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00420E92
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(00416396,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00420E99
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00420EA8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$AttributesErrorMode$Delete
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3807840792-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001,00416396,00420E7A,00416396,00000000,00416396,?,00416396,00000000), ref: 00420EBE
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,?), ref: 00420ED6
                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00420EE3
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00420EEB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$ChangeCloseCreateFileFindNotification
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2956594108-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004031C0
                                                                                                                                                                                                                  • Part of subcall function 0040C4B0: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000001,00000000,00000000,?,004031E7,000000FF,?,74DE8B60,?,00000000), ref: 0040C4EA
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(000000FF,00000001,00000001,00000001,00000001,00000001,?,00000000,?,00000000,00000000,00000000,00000000,0043D138,FFFFFFFF,00000000), ref: 004036B6
                                                                                                                                                                                                                  • Part of subcall function 00404192: __EH_prolog.LIBCMT ref: 00404197
                                                                                                                                                                                                                  • Part of subcall function 0040477B: __EH_prolog.LIBCMT ref: 00404780
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ChangeCloseCreateFileFindNotification
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 929830201-410699589
                                                                                                                                                                                                                • Opcode ID: b3d9f8627aa223e6ae7cb68b7baa1b69447d7cec07cb323bfdee7a143655eeda
                                                                                                                                                                                                                • Instruction ID: bd79244b645d401699d35c1eff96bbf2ca76abef40d1807dbf078776b69c0f53
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3d9f8627aa223e6ae7cb68b7baa1b69447d7cec07cb323bfdee7a143655eeda
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DF17B75D01289AADF11EBE5D881EEEBB7CAF55308F1040AFF54173282DA385B45CB29
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041BE0A
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000), ref: 0041BF5F
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: __EH_prolog.LIBCMT ref: 0041F8F8
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: lstrcpyA.KERNEL32(00000001,?,?,00000104,?,?,00421BB9,?), ref: 0041F93F
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00421BB9,?), ref: 0041F965
                                                                                                                                                                                                                  • Part of subcall function 0041F8F3: GetLastError.KERNEL32(?,?,00421BB9,?), ref: 0041F976
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ErrorLast$File$CreateModuleNamelstrcpy
                                                                                                                                                                                                                • String ID: tdC
                                                                                                                                                                                                                • API String ID: 3951192609-1123919639
                                                                                                                                                                                                                • Opcode ID: 0de6e3f85053bf967be40e01bcf5d1c78179038eb81943f48b7db040f9511d5a
                                                                                                                                                                                                                • Instruction ID: efea19c4320025fb9385961dfa47d0e25604c03ed376d227f94fb28ac2888fc5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0de6e3f85053bf967be40e01bcf5d1c78179038eb81943f48b7db040f9511d5a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3514EF1904744AED720DF799885AD7BBECBF19304F80486FA2AE93201C3786544CB29
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041010F
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,00442430,?,?,00442430,00000000,00000104,?,00000003,00000000), ref: 00410168
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcmp
                                                                                                                                                                                                                • String ID: 0$D
                                                                                                                                                                                                                • API String ID: 4174983478-1534285997
                                                                                                                                                                                                                • Opcode ID: 1422c27b0368775e830e3ea70d2da50d2d876fdb24f23ad93b414bbc74c8c6fb
                                                                                                                                                                                                                • Instruction ID: 7a9f2032f419e15734138953a80e5f7d15bd585069acb9fc2485cfea9ae567f6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1422c27b0368775e830e3ea70d2da50d2d876fdb24f23ad93b414bbc74c8c6fb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C601D872A00218BBEF24DB55DD46BDE7B78EB45714F00446BF604A2180D7BC9A44CA65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0041010A: __EH_prolog.LIBCMT ref: 0041010F
                                                                                                                                                                                                                  • Part of subcall function 0041010A: lstrcmpA.KERNEL32(00000000,00442430,?,?,00442430,00000000,00000104,?,00000003,00000000), ref: 00410168
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040FC1E
                                                                                                                                                                                                                  • Part of subcall function 0040FBAF: GetTickCount.KERNEL32 ref: 0040FBC9
                                                                                                                                                                                                                  • Part of subcall function 0040FBAF: GetTickCount.KERNEL32 ref: 0040FBDA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountTick$H_prologlstrcmp
                                                                                                                                                                                                                • String ID: SplashTime$Startup
                                                                                                                                                                                                                • API String ID: 3312283085-926283664
                                                                                                                                                                                                                • Opcode ID: 4163f4fce0209446c350b72b6d7b682e3047a131d82f615007014c18e45af6b5
                                                                                                                                                                                                                • Instruction ID: b500f0ec68b69b4bd4225037aa643765ae73a5ee5a8f44701727d59769f55901
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4163f4fce0209446c350b72b6d7b682e3047a131d82f615007014c18e45af6b5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCD012329401216ED214EF24FD5AE9977B4EB49701F12117AF604670F1DE686A458B5C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004221F8
                                                                                                                                                                                                                  • Part of subcall function 00402838: __EH_prolog.LIBCMT ref: 0040283D
                                                                                                                                                                                                                  • Part of subcall function 00402838: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000), ref: 00402866
                                                                                                                                                                                                                  • Part of subcall function 00402838: SetLastError.KERNEL32(?,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                • UuidToStringA.RPCRT4(?,?), ref: 00422234
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                  • Part of subcall function 0042287A: __EH_prolog.LIBCMT ref: 0042287F
                                                                                                                                                                                                                  • Part of subcall function 0042287A: CharUpperA.USER32(00000000,00000000,?,00000000,?,?,004364BC), ref: 004228A5
                                                                                                                                                                                                                • RpcStringFreeA.RPCRT4(?), ref: 00422284
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$String$CharFree$ByteMultiUpperUuidWidelstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1364089029-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00428E8D,00000000,00000000,00000000,0041D3DB), ref: 00428EB7
                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00428EBE
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00428F3F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040CC94,00000000,00000000,?,00000000,?,?,0040C4C3), ref: 00405463
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,0040CC94,00000000,00000000,?,00000000,?,?,0040C4C3,?,004031E7,000000FF,?,74DE8B60), ref: 0040546E
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,0040CC94,00000000,00000000,?,00000000,?,?,0040C4C3,?,004031E7,000000FF,?,74DE8B60,?), ref: 004054A2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$ChangeCloseCreateFindNotificationSize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4178644524-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,0041E0C3,?,00000000,00000000,02151168,?,00000000,?,0041ED6D,?,000000FF,00000000,?,0041E0C3), ref: 00408DD6
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00408DDD
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,0041E0C3,000000FF,00000000,-00000001,?,00000000,?,0041ED6D,?,000000FF,00000000,?,0041E0C3,00000000), ref: 00408DF3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 262959230-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?), ref: 00420971
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00420981
                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(?), ref: 0042098E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CloseCreateDeleteHandlelstrcatlstrcpynlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4178870998-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00420E06: GetFileAttributesA.KERNELBASE(?,00420E2F,?,00000000,00401C7E,?,00000000,?,00000400), ref: 00420E0A
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001,00000000,?,00000000,00401C7E,?,00000000,?,00000400), ref: 00420E3F
                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?), ref: 00420E45
                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00000000), ref: 00420E54
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorMode$AttributesDirectoryFileRemove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2449359760-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00413BDA
                                                                                                                                                                                                                  • Part of subcall function 004134C4: __EH_prolog.LIBCMT ref: 004134C9
                                                                                                                                                                                                                  • Part of subcall function 004098E1: lstrcpyA.KERNEL32(?,?,?,00000000,00413C70,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,00429A4C,00000001,00000000,?,?,00000000), ref: 004098FA
                                                                                                                                                                                                                  • Part of subcall function 004098E1: lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,00000000), ref: 00409909
                                                                                                                                                                                                                  • Part of subcall function 0040995B: __EH_prolog.LIBCMT ref: 00409960
                                                                                                                                                                                                                  • Part of subcall function 00409945: FreeLibrary.KERNELBASE(6CBC0000,00413CBF,?,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,00429A4C,00000001,00000000,?,?,00000000), ref: 00409954
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 00413C5F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$FreeLibrary
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 453652589-2458444898
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040E56A
                                                                                                                                                                                                                  • Part of subcall function 0040F6C8: RegOpenKeyExA.KERNELBASE(80000001,Software\InstallShield\ISWI\7.0\SetupExeLog,00000000,00000001,00000000,?,?,?,0040E584,00000000,00000000), ref: 0040F6DF
                                                                                                                                                                                                                  • Part of subcall function 0040F6C8: RegQueryValueExA.ADVAPI32(00000000,SetupLogFileName,00000000,00000000, /qn SIMHP=0 SIMSP=0 ,00000000,?,?,?,0040E584), ref: 0040F705
                                                                                                                                                                                                                  • Part of subcall function 0040F6C8: RegCloseKey.ADVAPI32(00000000,?,?,?,0040E584), ref: 0040F719
                                                                                                                                                                                                                  • Part of subcall function 0041BE05: __EH_prolog.LIBCMT ref: 0041BE0A
                                                                                                                                                                                                                  • Part of subcall function 0041BE05: GetModuleFileNameA.KERNEL32(00000000), ref: 0041BF5F
                                                                                                                                                                                                                  • Part of subcall function 0040E6B6: __EH_prolog.LIBCMT ref: 0040E6BB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$CloseFileModuleNameOpenQueryValue
                                                                                                                                                                                                                • String ID: /f1
                                                                                                                                                                                                                • API String ID: 2986767852-2921927892
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0042205B
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                  • Part of subcall function 00402A71: __EH_prolog.LIBCMT ref: 00402A76
                                                                                                                                                                                                                • SearchPathA.KERNELBASE(00429A4C,00000000,00000000,00000104,00000000,00000000,?,?,00000104,?,00000000,?,00000000,00000000,?,004364B4), ref: 00422130
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ErrorLast$ByteCharFreeMultiPathSearchStringWidelstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1718721855-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,00000100,004311B7,0042D06B,004311B7,004311B7,00000100,00000000,004311B7,00000000), ref: 0042D0CD
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0042D0D7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1687624791-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409960
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00442898,?,?,?,00000000), ref: 00409991
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3221978047-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,004299CA,00000001), ref: 0042B8F0
                                                                                                                                                                                                                  • Part of subcall function 0042B797: GetVersionExA.KERNEL32 ref: 0042B7B6
                                                                                                                                                                                                                • HeapDestroy.KERNEL32 ref: 0042B92F
                                                                                                                                                                                                                  • Part of subcall function 0042B93C: HeapAlloc.KERNEL32(00000000,00000140,0042B918,000003F8), ref: 0042B949
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2507506473-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(00000104,00000000,00000000,00000104,0041DD97,00000000,00000000,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104), ref: 0040F750
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?,00000104,00000000,00000104), ref: 0040F761
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 47109696-0
                                                                                                                                                                                                                • Opcode ID: fcf42b7071bbc811937dc5c00fd557c6fc3bea96d662c0c30168c6d6cc05cf52
                                                                                                                                                                                                                • Instruction ID: 65e5ab2454bdaf6d8e84c36c64ef74bd3ac68362bc81c5163f3489a93d7c1e2d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fcf42b7071bbc811937dc5c00fd557c6fc3bea96d662c0c30168c6d6cc05cf52
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AF06D76100309FBDB289F50CD46F9E7BB9FF00352F20403DE84266290E779AA54DB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 004092CA
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 004092D5
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1948546556-0
                                                                                                                                                                                                                • Opcode ID: b3954d8a14c549779665d43f20616fe643173d41e1ffe32812fb1309b7b3b8dc
                                                                                                                                                                                                                • Instruction ID: b3786d8346194a81b066783532a8c1351fa494dd91f8d9d5e775e0898297fa46
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3954d8a14c549779665d43f20616fe643173d41e1ffe32812fb1309b7b3b8dc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FE04F7150020ABBCF01EFE1DC05F9E7BACAB04358F1486A8F511E10E0D375DA04AB18
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004204E6
                                                                                                                                                                                                                  • Part of subcall function 00420519: __EH_prolog.LIBCMT ref: 0042051E
                                                                                                                                                                                                                  • Part of subcall function 00420519: lstrlenA.KERNEL32(?,?,?,00442430,?,0000012C,?,?), ref: 00420576
                                                                                                                                                                                                                • LoadStringA.USER32(?,?,?), ref: 00420511
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologLoadStringlstrlenwsprintf
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1702443186-0
                                                                                                                                                                                                                • Opcode ID: b02884302cfeef6ca01e1a4eda024c24b99831da0c58c30361dc7f9f84136272
                                                                                                                                                                                                                • Instruction ID: 1ff97d53820bb28816c85ea0110b08f57152111c0e33396a0b6648f6737dc01a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b02884302cfeef6ca01e1a4eda024c24b99831da0c58c30361dc7f9f84136272
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16E0ED7550010FBBCF01AFA4DC05CDE7BB9FB14309F408025F90496072E636D6659B99
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0042287F
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                • CharUpperA.USER32(00000000,00000000,?,00000000,?,?,004364BC), ref: 004228A5
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharErrorH_prologLast$ByteMultiUpperWidelstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4031648777-0
                                                                                                                                                                                                                • Opcode ID: e6475888946e5a6a9a77991031e5e9c46f6ca0a477bfaac3adc9cdebf6849569
                                                                                                                                                                                                                • Instruction ID: 65494ebd6a4bf33fe3e8ba5097e30035293bf86bb6232543310295b324e9610c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6475888946e5a6a9a77991031e5e9c46f6ca0a477bfaac3adc9cdebf6849569
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AE06D32C00604DBCB50FBE9D94A79DBBB8FF04318F10866EE452A31D1DB788A05DB54
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,00000000,74DF34C0,0041FF13,00000000,?,00000000,00000000,?,00000000), ref: 0042014E
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00420156
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                • Opcode ID: 2b00e5b1f5f3d5fe0549baf27db718936553d5fb372dc2ff09323e6b29fd48a5
                                                                                                                                                                                                                • Instruction ID: 3e934752bce40e7164ea14a281ebd23501888b9b04debd078ae3a7c2ce254d4d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b00e5b1f5f3d5fe0549baf27db718936553d5fb372dc2ff09323e6b29fd48a5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAE048367042115BCB109F25AC0449B7ED2DBD43B0F014929F551821B2D7718C5596A5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00409390: CreateFileA.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00409977,00000000,00000000,?,00000000), ref: 004093D3
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,FFFFD8EB,00000000,00409977), ref: 00409648
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateFileHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3498533004-0
                                                                                                                                                                                                                • Opcode ID: 8070ad5413aa0bf9c188c8f5ae3ec1d6536aadafaa8af280628d107603267cfb
                                                                                                                                                                                                                • Instruction ID: b87e61db47e75556292f6dd9e1d814bad7377b15c9b941538b6f2ea049c4b892
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8070ad5413aa0bf9c188c8f5ae3ec1d6536aadafaa8af280628d107603267cfb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0212C725001287ADB206BE5BC85DEF336CDB45358F410577FA01E21C3E6799E008ABD
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00406B80
                                                                                                                                                                                                                  • Part of subcall function 0041AD16: GetVersionExA.KERNEL32(?,?,?), ref: 0041AD43
                                                                                                                                                                                                                  • Part of subcall function 0041AD16: GetSystemInfo.KERNELBASE(?,?,?), ref: 0041AD83
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrlenA.KERNEL32(?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1BA
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1D6
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1DE
                                                                                                                                                                                                                  • Part of subcall function 00406CFF: GetTempPathA.KERNEL32(00000001,0000044F,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D1E
                                                                                                                                                                                                                  • Part of subcall function 00406CFF: SetErrorMode.KERNELBASE(00008003,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D2D
                                                                                                                                                                                                                  • Part of subcall function 00406CFF: GetWindowsDirectoryA.KERNEL32(0000044F,00000000,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D45
                                                                                                                                                                                                                  • Part of subcall function 00406CFF: lstrcpyA.KERNEL32(0000044F,00442430,?,00000000,00000000,00406C10,?,00000400,00000000,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 00406D62
                                                                                                                                                                                                                  • Part of subcall function 0041CEBE: __EH_prolog.LIBCMT ref: 0041CEC3
                                                                                                                                                                                                                  • Part of subcall function 0041CEBE: wsprintfA.USER32 ref: 0041CF86
                                                                                                                                                                                                                  • Part of subcall function 0041CEBE: wsprintfA.USER32 ref: 0041CFC3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$H_prologwsprintf$DirectoryErrorInfoModePathSystemTempVersionWindowslstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1572838600-0
                                                                                                                                                                                                                • Opcode ID: 05fc4206e4d519ae0e04e05a242c0e56e86af8c530aea6e58ae29c7fe012134c
                                                                                                                                                                                                                • Instruction ID: 3aa352bdaa7b785ea94314c5ea2f4d6b200f1442287c693153957bba92762ac3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05fc4206e4d519ae0e04e05a242c0e56e86af8c530aea6e58ae29c7fe012134c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D31D370B442109BEB14B7725E937BE269A9B54718F00003FF943B62D2EF7D8D92925E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00427B9E
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B731
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: EnterCriticalSection.KERNEL32(?,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B74C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1616793339-0
                                                                                                                                                                                                                • Opcode ID: dd2ee37d2908af2f2294d7ac1643f2725b7ef1e5e80e42d524f77bf0b9eff4dc
                                                                                                                                                                                                                • Instruction ID: 6d312c49e9185f34bd3c7d6f54b3582efc9b8d57fe8b42cfde72d50a8c2652c1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd2ee37d2908af2f2294d7ac1643f2725b7ef1e5e80e42d524f77bf0b9eff4dc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D221B731B44225ABDB10AF69FC42B9E7B64EB01768F544117F420E76D1C77CB8418A9D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074), ref: 00427A64
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B731
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: EnterCriticalSection.KERNEL32(?,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B74C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 641406236-0
                                                                                                                                                                                                                • Opcode ID: 269192babbb5833acde5721490ddd7924fcd5bd82ba113cb2fe416dedd3c8dfe
                                                                                                                                                                                                                • Instruction ID: 28a29f52988bf89172a52b7001ea7628a37087f53e1ed1003c98ef33a96bc608
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 269192babbb5833acde5721490ddd7924fcd5bd82ba113cb2fe416dedd3c8dfe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F21DA72A05225ABDF109B55EC42B9FBB78FF05774F54011BF411A22C0DB7C8A40CAAD
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041C340
                                                                                                                                                                                                                  • Part of subcall function 0041C73F: __EH_prolog.LIBCMT ref: 0041C744
                                                                                                                                                                                                                  • Part of subcall function 0041C73F: lstrlenA.KERNEL32(?,?,?,?,00000000), ref: 0041C86E
                                                                                                                                                                                                                  • Part of subcall function 0041C961: __EH_prolog.LIBCMT ref: 0041C966
                                                                                                                                                                                                                  • Part of subcall function 0041C961: IsValidCodePage.KERNEL32(?,?,00000000), ref: 0041CA7C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$CodePageValidlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2211208318-0
                                                                                                                                                                                                                • Opcode ID: 640bb4b680d8428f90d16e3a1d571cb21eea9cc700255bf164e1c7b902a806b8
                                                                                                                                                                                                                • Instruction ID: ebbe5edad7b7ce73e95dc5e5a851f190d82bf37c2507a461ebfee1e5cde49e65
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 640bb4b680d8428f90d16e3a1d571cb21eea9cc700255bf164e1c7b902a806b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D211C870A40319CACB14F7B2CD926EE77649F14358F10812FE922A21D2EB7C5E85C75D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ReadFile.KERNELBASE(?,00000000,00000138,00000000,00000000), ref: 0041FE63
                                                                                                                                                                                                                  • Part of subcall function 0042013A: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,00000000,74DF34C0,0041FF13,00000000,?,00000000,00000000,?,00000000), ref: 0042014E
                                                                                                                                                                                                                  • Part of subcall function 0042013A: GetLastError.KERNEL32(?,00000000), ref: 00420156
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$ErrorLastPointerRead
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 64821003-0
                                                                                                                                                                                                                • Opcode ID: 5a6fd10768158b153dbeb68efbbbae928733d1699d8592b4385cea2226d8c5f7
                                                                                                                                                                                                                • Instruction ID: a5b460198df7071348844322edae114eb36f02362f1dc816e87a17c3952b64e9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a6fd10768158b153dbeb68efbbbae928733d1699d8592b4385cea2226d8c5f7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5901D871300305BBEB115B51DC85FEFBA6CEF50344F10003AB808951A2DBB89D95C668
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00409977,00000000,00000000,?,00000000), ref: 004093D3
                                                                                                                                                                                                                  • Part of subcall function 0040935D: SetFilePointer.KERNEL32(00000000,00000000,00000000,004093F1,00000000,004093F1,00000000,00000000,00000002,?,?,?,?,00409977,00000000,00000000), ref: 0040936C
                                                                                                                                                                                                                  • Part of subcall function 0040935D: GetLastError.KERNEL32(00000000,?,?,?,?,00409977,00000000,00000000), ref: 0040937B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CreateErrorLastPointer
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2723331319-0
                                                                                                                                                                                                                • Opcode ID: f988b64e3a7a9b8c04d698d3d5c5f2502a13178b91f1f2032bacd81aa2d59db3
                                                                                                                                                                                                                • Instruction ID: 43e8e52a715e90aadfac68f1a3a726074283e65d01640faf02567137a8876eaa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f988b64e3a7a9b8c04d698d3d5c5f2502a13178b91f1f2032bacd81aa2d59db3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28014876800128BACF119B968C458DFBFBDEF49260F0481A6F924A2191D6304A14DBA0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0040CD2F: GetFileAttributesA.KERNELBASE(?,0040C4B8,?,004031E7,000000FF,?,74DE8B60,?,00000000), ref: 0040CD3C
                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000001,00000000,00000000,?,004031E7,000000FF,?,74DE8B60,?,00000000), ref: 0040C4EA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                • Opcode ID: 0a6c85291bce8ba4e35f91148df6710676a4c09d39759feed857dd042812fa3f
                                                                                                                                                                                                                • Instruction ID: 2700dd922ad360aad2872322d011fe432f54a22da9e5c63381fbb492d28b4eec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a6c85291bce8ba4e35f91148df6710676a4c09d39759feed857dd042812fa3f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9001A234204321FADE355F388C85B5773A5AB92764F24476EB8A0BB3D1C679E8428718
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041ED57
                                                                                                                                                                                                                  • Part of subcall function 00408DBE: MultiByteToWideChar.KERNEL32(00000000,00000000,0041E0C3,?,00000000,00000000,02151168,?,00000000,?,0041ED6D,?,000000FF,00000000,?,0041E0C3), ref: 00408DD6
                                                                                                                                                                                                                  • Part of subcall function 00408DBE: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00408DDD
                                                                                                                                                                                                                  • Part of subcall function 00408DBE: MultiByteToWideChar.KERNEL32(00000000,00000000,0041E0C3,000000FF,00000000,-00000001,?,00000000,?,0041ED6D,?,000000FF,00000000,?,0041E0C3,00000000), ref: 00408DF3
                                                                                                                                                                                                                  • Part of subcall function 0041EF4E: __EH_prolog.LIBCMT ref: 0041EF53
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharH_prologMultiWide$AllocString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3359658865-0
                                                                                                                                                                                                                • Opcode ID: 8461af1d08abe85b958c29dd4f5334a0dbe8291295c8a8e4706ef93040e3fe12
                                                                                                                                                                                                                • Instruction ID: a104c9c6b2ecf53ec8ed17965cc1085700011650c876502ac03c3daff6fe7a7f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8461af1d08abe85b958c29dd4f5334a0dbe8291295c8a8e4706ef93040e3fe12
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7E06571A04610AFC714EF6D9401589BBE0EF58720B10862FF4A9D3781DB7495008758
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • UuidCreate.RPCRT4(?), ref: 004221CF
                                                                                                                                                                                                                  • Part of subcall function 004221F3: __EH_prolog.LIBCMT ref: 004221F8
                                                                                                                                                                                                                  • Part of subcall function 004221F3: UuidToStringA.RPCRT4(?,?), ref: 00422234
                                                                                                                                                                                                                  • Part of subcall function 004221F3: RpcStringFreeA.RPCRT4(?), ref: 00422284
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: StringUuid$CreateFreeH_prolog
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3305673060-0
                                                                                                                                                                                                                • Opcode ID: 915aff2d9ab80116cdea702a9fc3f73abc8dab60d36e1b17a51458fcd1f57ec5
                                                                                                                                                                                                                • Instruction ID: 9280f1a5512b0dbe98bfa00621665162f5387750ed37671c6aec0714126c36b1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 915aff2d9ab80116cdea702a9fc3f73abc8dab60d36e1b17a51458fcd1f57ec5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06E04F72900108A7CB00FF5DDD06ADF3779AB81215F510050BD016B101D6B1A71486E5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,0040C4B8,?,004031E7,000000FF,?,74DE8B60,?,00000000), ref: 0040CD3C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                • Opcode ID: 610ce8b2da3444d03fd0c4c23c22fa3b009c5b9b1acbf13af15fcb27963d7fd8
                                                                                                                                                                                                                • Instruction ID: 47b1c89497ab378b2642fe6e5767a74cebaa604565f78357807421ab14a907cc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 610ce8b2da3444d03fd0c4c23c22fa3b009c5b9b1acbf13af15fcb27963d7fd8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FD012B0701501BBEF205F7C59C46132B494F51725F659B72F528E91E5E73DEC435118
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,0041DDB5,00000000,00000000,?,?,?,00000000,00000000,?,?,00000001,00000000,?,00000001,Startup), ref: 00420DED
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                • Opcode ID: a990562a17f2efe54dd0d8e4a192a218e5540c45867ad45db911261b1f50e328
                                                                                                                                                                                                                • Instruction ID: e84274b524c19f23fd4252e51799b94d1dc2fb2cc0d5947f52604efb17535398
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a990562a17f2efe54dd0d8e4a192a218e5540c45867ad45db911261b1f50e328
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8C08C3021411169EA1006347E9972B22C34B50374FA28E62F066E89E2C3A658E2A098
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00420E2F,?,00000000,00401C7E,?,00000000,?,00000400), ref: 00420E0A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                • Opcode ID: e1fa923a7c5ddec283ea7af52ed80c8d2525f01d8d5c68df143d3def0c66a958
                                                                                                                                                                                                                • Instruction ID: ab2428337902331717d0bdb8526ece210e9b0085914efaf5d75b17f74e315a58
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1fa923a7c5ddec283ea7af52ed80c8d2525f01d8d5c68df143d3def0c66a958
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FC08C3020011969E2102B287E0A627A2C34B40720FA28E23F065C02F7D7B45CF2A018
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(6CBC0000,00413CBF,?,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,00429A4C,00000001,00000000,?,?,00000000), ref: 00409954
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                • Opcode ID: 0a23568bb18c7dceeb8dd4794b7acddf1a30e66876609b562cd9638acf4a3e28
                                                                                                                                                                                                                • Instruction ID: f3b6f1561a8c4c17b66990b8147c3dbae7f77a6518d596066385ebffc416e16c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a23568bb18c7dceeb8dd4794b7acddf1a30e66876609b562cd9638acf4a3e28
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41B0926060010257CE00AB35995A5062758A60230530094397015E2293CA39D8008A1C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(004364BC,0041F9EC), ref: 0041FAB2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1586166983-0
                                                                                                                                                                                                                • Opcode ID: af7841e1511708443b59dbf1bb550e148c2fee9578cb4c4a51736c2e609b25bd
                                                                                                                                                                                                                • Instruction ID: 72b34a910fbd54397dd1a57041b65e792349bea6d35aa6378d2aa83b50b2be9b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: af7841e1511708443b59dbf1bb550e148c2fee9578cb4c4a51736c2e609b25bd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEB092711A60199ACB051F30EC0AAA03A21BB02206B256674A106C50F0C7220012AB04
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(wininet.dll,00000000,004087FF,?,00000000,?,00408A30,?,00000000,?,00000000,00000001,00000000), ref: 00422BB2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,InternetOpenA), ref: 00422BD2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetOpenUrlA), ref: 00422BE4
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetConnectA), ref: 00422BF6
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCrackUrlA), ref: 00422C08
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCreateUrlA), ref: 00422C1A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCloseHandle), ref: 00422C2C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetReadFile), ref: 00422C3E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00422C50
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(FtpFindFirstFileA), ref: 00422C62
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetGetLastResponseInfoA), ref: 00422C74
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 00422C86
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetGetConnectedState), ref: 00422C98
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetAutodial), ref: 00422CAA
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetErrorDlg), ref: 00422CBC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpOpenRequestA), ref: 00422CCE
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpSendRequestA), ref: 00422CE0
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpSendRequestExA), ref: 00422CF2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpEndRequestA), ref: 00422D04
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetQueryOptionA), ref: 00422D16
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetQueryDataAvailable), ref: 00422D28
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetCanonicalizeUrlA), ref: 00422D3A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetGetCookieA), ref: 00422D4C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetCookieA), ref: 00422D5E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetStatusCallbackA), ref: 00422D70
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetStatusCallback), ref: 00422D86
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                • String ID: FtpFindFirstFileA$HttpEndRequestA$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$HttpSendRequestExA$InternetAutodial$InternetCanonicalizeUrlA$InternetCloseHandle$InternetConnectA$InternetCrackUrlA$InternetCreateUrlA$InternetErrorDlg$InternetGetConnectedState$InternetGetCookieA$InternetGetLastResponseInfoA$InternetOpenA$InternetOpenUrlA$InternetQueryDataAvailable$InternetQueryOptionA$InternetReadFile$InternetSetCookieA$InternetSetOptionA$InternetSetStatusCallback$InternetSetStatusCallbackA$wininet.dll
                                                                                                                                                                                                                • API String ID: 2238633743-3702687842
                                                                                                                                                                                                                • Opcode ID: d407672e3b00b0813039beca705d61a57e6e4043f84e57ca1dd714d78f20b21d
                                                                                                                                                                                                                • Instruction ID: 3853cf1cd588a7616cda52eeea2f533c80e99f11612c41839a7b973dcb8deec8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d407672e3b00b0813039beca705d61a57e6e4043f84e57ca1dd714d78f20b21d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D41F278D51B25BFDF11AF22FC05A393E72E70A75A7205037A4088A1FAD6B60951DF8C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00421260
                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421267
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421277
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421286
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 0042128D
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421293
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,hSA,?,?,?,?,?,?,?,?,00415368), ref: 004212AF
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 004212B5
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,00000001,00000001,?,?,?,?,?,?,?,?,00415368), ref: 004212DA
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004212F7
                                                                                                                                                                                                                • EqualSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421328
                                                                                                                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,00415368,?,?,00000001,00000000,00000000), ref: 00421347
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$ErrorLast$CurrentInformationOpenProcessThread$AllocateEqualFreeInitialize
                                                                                                                                                                                                                • String ID: hSA
                                                                                                                                                                                                                • API String ID: 884311744-700988443
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00413D1D
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,00000000,00000000,00000003), ref: 00413D4F
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,|dC,*.mst,?,00000000,00000000,?,00000001), ref: 00413DD1
                                                                                                                                                                                                                • CompareFileTime.KERNEL32(?,?), ref: 00413DEE
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,?,?,?,00000001,00000000,?,00000001), ref: 00413E54
                                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 00413E6E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$FindH_prolog$CompareDeleteErrorFirstLastNextPathTempTime
                                                                                                                                                                                                                • String ID: *.mst$4$D$tdC$|dC
                                                                                                                                                                                                                • API String ID: 4192361366-2201022342
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SearchPathA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,74DEF550,74DF2F30), ref: 00422DBA
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104), ref: 00422DDA
                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00422DF6
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(00000000,?,0000001C), ref: 00422E2E
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,00000001,00000004,00408A30), ref: 00422E80
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,00000001,00408A30,00408A30), ref: 00422E93
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Virtual$FileProtect$FindFirstModuleNamePathQuerySearch
                                                                                                                                                                                                                • String ID: RPAWINET.DLL
                                                                                                                                                                                                                • API String ID: 1867771099-274221676
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0042120D: GetVersionExA.KERNEL32(?), ref: 00421227
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,0041C3E9), ref: 00421175
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000028,0041C3E9,?,?,?,?,?,?,0041C3E9), ref: 00421182
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00421199
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(0041C3E9,00000000,?,00000000,00000000,00000000), ref: 004211C4
                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,0000FFFF), ref: 004211D2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesValueVersionWindows
                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                • API String ID: 337752880-3733053543
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindResourceA.KERNEL32(?,?,?), ref: 0040A465
                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 0040A471
                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 0040A47D
                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 0040A484
                                                                                                                                                                                                                  • Part of subcall function 0040A2F6: __EH_prolog.LIBCMT ref: 0040A2FB
                                                                                                                                                                                                                  • Part of subcall function 0040A2F6: GetWindowDC.USER32(00000000,?,?,00000000,00000000), ref: 0040A3DB
                                                                                                                                                                                                                  • Part of subcall function 0040A2F6: CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0040A3F6
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Resource$BitmapCreateFindH_prologLoadLockSizeofWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3578310943-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLocaleInfoA.KERNEL32(00421438,00001004,?,00000014,?,?,?,?,?,?,?,?,?,?,?,00421438), ref: 00421388
                                                                                                                                                                                                                • TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 004213A3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Info$CharsetLocaleTranslate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 641124110-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0002E8C9), ref: 0042E914
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 0042E926
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00412A23
                                                                                                                                                                                                                • MoveFileA.KERNEL32(00000000,00000000), ref: 00412BB0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileH_prologMove
                                                                                                                                                                                                                • String ID: /c:"$ /coreui:$ /l%d$ /langcmd:"/q:a /c:\"$ /langs:$ /q:a$ /q:a /c:"install /q"$ /redistui:F$ /redistui:S$ /ver:$"/q:a /c:\"$/jscmd:$/jsharpver:$/redistui:F$/redistui:S$0$D$1.1$1033$DotNetCoreSetupUILang$DotNetFxCmd$DotNetLangPackCmd$DotNetLangPacks$DotNetVersion$J#CmdLine$J#Version$Microsoft(R) .NET Framework$\""$dotnetfx.exe$dotnetfx20.exe$dotnetredist.exe$isnetfx.exe$vjredist.exe$vjredist20.exe
                                                                                                                                                                                                                • API String ID: 486322855-3898491796
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 0040FC9A
                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 0040FCA3
                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 0040FCB9
                                                                                                                                                                                                                • SendMessageA.USER32(00000405,00000000,00000000), ref: 0040FCFA
                                                                                                                                                                                                                • PostMessageA.USER32(00000000,00008032,00000000,00000000), ref: 0040FD51
                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00000068), ref: 0040FD75
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0040FDAE
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040FE05
                                                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 0040FE16
                                                                                                                                                                                                                • SetTimer.USER32(?,000003E9,000000FA,00000000), ref: 0040FE2A
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 0040FE38
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EB), ref: 0040FE43
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 0040FE4E
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 0040FE5F
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040FEB2
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000409), ref: 0041003C
                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 0041004D
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00410056
                                                                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 0041006E
                                                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 00410082
                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00410086
                                                                                                                                                                                                                • GetSysColorBrush.USER32(00000000), ref: 00410090
                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 0041009F
                                                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 004100C4
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004100C7
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 004100DE
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 004100EF
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 004100F7
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 004100FF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Object$DeleteItem$Rect$Message$BrushClientColorFillSendStock$CreateCtrlCursorLoadModePostSolidTextTimerWindowlstrlenwsprintf
                                                                                                                                                                                                                • String ID: Cancel$Tahoma
                                                                                                                                                                                                                • API String ID: 78965213-1246164628
                                                                                                                                                                                                                • Opcode ID: 73fb0e50317754b8bd5fc53ace75ca169260e78c1e5c143e1e2783126682ce9d
                                                                                                                                                                                                                • Instruction ID: cac3a4ea8d1a6edc8c28665ed4f1c4103eb0fd7cdae7b7c4e1b365f06cff5cb8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73fb0e50317754b8bd5fc53ace75ca169260e78c1e5c143e1e2783126682ce9d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADD1A6B1900219BFDB11AFA1ED4AF9E7B7DFB09701F104436F505E61A1DB798A80CB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00423ADD
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000), ref: 00423AFC
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,00000000), ref: 00423B1B
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,CurrentUser,00000000,00000000,?,?,00000000), ref: 00423B35
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000002,?,i3B), ref: 00423B4B
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(i3B,DirRoot,00000000,00000000,?,?,?,00000000), ref: 00423B6D
                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 00423BCB
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\nsreg.dat,?,00000000), ref: 00423BE3
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000), ref: 00423BFC
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00423C13
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(?,00000004,00000000,00000000,00000000,?,00000000), ref: 00423C28
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000001,SOFTWARE\Netscape\Netscape Navigator\biff,i3B), ref: 00423C43
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(i3B,CurrentUser,00000000,00000000,?,?,?,00000000), ref: 00423C6D
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,%20,?,00000000), ref: 00423C97
                                                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000,?,00000000), ref: 00423CB4
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\prefs.js,?,?,?,?,?,00000000), ref: 00423DDA
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,00000000), ref: 00423DF7
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 00423E06
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000001,?,00000000,?,?,?,?,?,00000000), ref: 00423E26
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00423E3D
                                                                                                                                                                                                                  • Part of subcall function 00424141: lstrcatA.KERNEL32(00000000,0043F074,0000003D,@B,00000001), ref: 00424222
                                                                                                                                                                                                                  • Part of subcall function 00424141: lstrcatA.KERNEL32(?,0043F00C,786F7250,00000001,?), ref: 0042425B
                                                                                                                                                                                                                  • Part of subcall function 00424141: lstrcatA.KERNEL32(?,0043DAC8,786F7250,00000001,?), ref: 0042427E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$lstrcat$CreateOpenQueryValue$Sizelstrlen$CloseDirectoryHandleMappingReadViewWindows
                                                                                                                                                                                                                • String ID: %20$CurrentUser$DirRoot$ProfileLocation$ProfileManager$SOFTWARE\Netscape\Netscape Navigator\Users\$SOFTWARE\Netscape\Netscape Navigator\biff$\nsreg.dat$\prefs.js$d$i3B
                                                                                                                                                                                                                • API String ID: 1474181684-2403575895
                                                                                                                                                                                                                • Opcode ID: 52e1006d4b8b2d8834b47c8aba1ba6aa0c214a033c749d389fc94f0ab8686073
                                                                                                                                                                                                                • Instruction ID: e784ee92cb40a4cb972543891d7d411f7f3797507146b7ceb3f2aa3c40ef04af
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52e1006d4b8b2d8834b47c8aba1ba6aa0c214a033c749d389fc94f0ab8686073
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05B18D72E00169BBDF209FA0EC85AAFBBB8EB04301F5145BBE505E2150D7785F458B58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueA.ADVAPI32(80000000,.htm,?,00000000), ref: 00423447
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\shell\open\command,?,00000000), ref: 00423461
                                                                                                                                                                                                                • RegQueryValueA.ADVAPI32(80000000,?,?,00000000), ref: 0042347D
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000), ref: 00423492
                                                                                                                                                                                                                • CharLowerBuffA.USER32(?,00000000,?,00000000), ref: 004234A0
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000022,-0000000D,?,00000000), ref: 004234E0
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000022,-0000000C,?,00000000), ref: 0042355F
                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,?,00000000), ref: 0042357F
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\mozver.dat,?,00000000), ref: 00423591
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000), ref: 004235AC
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 004235C5
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,00000000), ref: 004235DA
                                                                                                                                                                                                                • GetFileSize.KERNEL32(000000FF,00000000,?,00000000), ref: 004235EB
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,-00000008,?,?,?,?,?,?,?,?,00000000), ref: 0042365E
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,-00000005,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004236A3
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,netscp6.exe,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004236B5
                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,00000000,00000104), ref: 004236FE
                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(00000000,00000000,00000104), ref: 0042370F
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0042371F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 004237C8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF,?,?,00000000), ref: 004237D7
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,00000022,-0000000D,?,00000000), ref: 0042381E
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00423867
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$lstrcatlstrcpyn$CloseCreateHandleNamePathQueryShortValuelstrcpy$BuffCharDirectoryLowerMappingSizeViewWindowslstrcmpilstrlenwsprintf
                                                                                                                                                                                                                • String ID: "$%d.%d.%d.%d$.htm$<oC$Browser$PackageName$Path$Version$\mozver.dat$\shell\open\command$iexplore.exe$netscape.exe$netscp6.exe
                                                                                                                                                                                                                • API String ID: 72107788-21345124
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040E7B8
                                                                                                                                                                                                                  • Part of subcall function 004029BB: __EH_prolog.LIBCMT ref: 004029C0
                                                                                                                                                                                                                  • Part of subcall function 004029BB: SetLastError.KERNEL32(?,?,00000000,00000104,?,0041E59F,02151168,?,00000001,?,00000000,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,00000000), ref: 00402A26
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,auto), ref: 0040E7FC
                                                                                                                                                                                                                • CharNextA.USER32 ref: 0040E864
                                                                                                                                                                                                                • CharNextA.USER32(?,00000001,00000001,00000000), ref: 0040E88F
                                                                                                                                                                                                                • CharNextA.USER32(?,0043D764,00000000), ref: 0040E8A1
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,%IS_E%), ref: 0040E8AF
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},00000000), ref: 0040E8C0
                                                                                                                                                                                                                • CharNextA.USER32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}), ref: 0040E9EA
                                                                                                                                                                                                                • CharNextA.USER32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},00000000), ref: 0040E9FC
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 0040EDE8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext$H_prologlstrcpy$ErrorLastlstrcmplstrcmpi
                                                                                                                                                                                                                • String ID: %IS_E%$/auto$/f1$/f2$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Software\Microsoft\Windows\CurrentVersion$auto
                                                                                                                                                                                                                • API String ID: 2909353552-3099715218
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 00423E9B
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,AppData,00000000,00000000,?,?,?,00000000), ref: 00423EC2
                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,?,00000000), ref: 00423ED4
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043E0A4,?,00000000), ref: 00423EEC
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00423384,?,00000000), ref: 00423EF8
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\registry.dat,?,00000000), ref: 00423F06
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000), ref: 00423F1F
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00423F40
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00423384,00000004,00000000,00000000,00000000,?,00000000), ref: 00423F60
                                                                                                                                                                                                                • GetFileSize.KERNEL32(000000FF,00000000,?,00000000), ref: 00423FAC
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,-0000000F,?,?,00000000), ref: 00423FD7
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,-0000000A,?,?,?,?,?,00000000), ref: 00424041
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,\prefs.js,?,?,?,?,?,00000000), ref: 00424053
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?,00000000), ref: 0042406C
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 004240B2
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,00000000), ref: 004240CF
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 004240EC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00423384,?,?,?,?,?,00000000), ref: 00424126
                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,00000000), ref: 00424138
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$lstrcat$CloseCreateHandle$Sizelstrcpy$DirectoryMappingOpenQueryReadValueViewWindows
                                                                                                                                                                                                                • String ID: AppData$CurrentProfile$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$\prefs.js$\registry.dat$directory
                                                                                                                                                                                                                • API String ID: 4225840403-745957709
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004081C7
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00408261
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000002,?,80400100,00000000,00000006,ftp://,00000000), ref: 00408320
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00408326
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prologwsprintf
                                                                                                                                                                                                                • String ID: 0eC$0eC$8eC$8eC$Referer: %s$\oC$dwplayer$ftp://$http://
                                                                                                                                                                                                                • API String ID: 3576247870-2498556676
                                                                                                                                                                                                                • Opcode ID: 5d0402861afe60d3ad0ede806d5d12bec44354ec730297ead657a193d7db9cca
                                                                                                                                                                                                                • Instruction ID: e510ef79d1f02e9430cdd3cb24b78556f729ad1a154cba9d3d6cff2421bc11c6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d0402861afe60d3ad0ede806d5d12bec44354ec730297ead657a193d7db9cca
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93D1C271D00259EFDB10DFA8C9409AEBBB4BF48314F1481BEE495B7291DB389E05CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00421737
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(Shell32.dll,75C0FB50,00000000,00000000), ref: 0042174E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ShellExecuteExA), ref: 00421761
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0042194D
                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00421966
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00421993
                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 004219A0
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000000), ref: 004219AA
                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,CCCCCCCC), ref: 004219BD
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004219D9
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004219DE
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000001), ref: 004219EB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$CloseHandleLibraryWait$AddressCodeDispatchExitFreeH_prologLoadMultipleObjectObjectsPeekProcProcessSingleTranslate
                                                                                                                                                                                                                • String ID: "%s" %s$<$@$Shell32.dll$ShellExecuteExA$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1278435167-3938510384
                                                                                                                                                                                                                • Opcode ID: f1ceaecd8a944bcaefdf358710b91d1ec2ede45b9c8b27247dc61d01933a9afa
                                                                                                                                                                                                                • Instruction ID: a5a5f66bac4d4b3ac5af2c1fb4324fa4fb12c354cd6b680e9c121f18d58b703f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1ceaecd8a944bcaefdf358710b91d1ec2ede45b9c8b27247dc61d01933a9afa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28916AB1D00229AFDF10DFA4DC84AEEBBB8FB18344F50456BE505A3261D7749A84CF69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrlenA.KERNEL32(000008AC,00442430,000008AC,00000400,000004AC,00000400,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,?,00000000,?), ref: 00406E52
                                                                                                                                                                                                                  • Part of subcall function 0040729E: __EH_prolog.LIBCMT ref: 004072A3
                                                                                                                                                                                                                  • Part of subcall function 0040729E: lstrcpyA.KERNEL32(00000000,?,00000001,0000044F,?,00000000,74DF0440,00000000), ref: 0040732D
                                                                                                                                                                                                                  • Part of subcall function 0040729E: lstrcpyA.KERNEL32(00000000,?), ref: 00407353
                                                                                                                                                                                                                  • Part of subcall function 0040729E: lstrcpyA.KERNEL32(000000AC,00000000), ref: 00407373
                                                                                                                                                                                                                  • Part of subcall function 0040729E: lstrlenA.KERNEL32(-000000AC,74DF0440,00000000), ref: 004073AD
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,00442430,?,00000002,?,?,?,?,?,?,?,00000000,?), ref: 00406E93
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,0043D268), ref: 00406EC1
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00442430,00000000,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00406F1E
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,0043D264,0043D264,00000000,00000104,?,?,?,?,?,?,?,00000000,?), ref: 00406F86
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,0043D268,0043D268,00000000,00000104,?,?,?,?,?,?,?,00000000,?), ref: 0040700C
                                                                                                                                                                                                                  • Part of subcall function 004025BC: lstrcpynA.KERNEL32(00429A4C,00000000,?,00000001,00000000,?,?,00000000,00000000,?,00000104,00000000), ref: 0040281A
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,0043D260,?,?,?,?,?,?,?,00000000,?), ref: 00406FB6
                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(000010B4,00000000,00000400,00442430,000010B4,00000400,00442430,0000006D,00000104,00442430,00000009,00000104), ref: 004070C6
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(000010B4,00000000,?,?,?,?,?,?,?,00000000,?), ref: 004070D6
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00002908,DotNetVersion,00442430,00002908,00000104,00442430,00002508,00000400,00442430,0000006D,00000104,00442430,00000009,00000104), ref: 0040717B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrlen$lstrcpy$lstrcmp$H_prolog$EnvironmentExpandStringslstrcmpilstrcpyn
                                                                                                                                                                                                                • String ID: 0$D$1.0$1.1$2.0$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$DotNetSPRequired$DotNetVersion$v1.1$v2.0
                                                                                                                                                                                                                • API String ID: 2956953118-1671022694
                                                                                                                                                                                                                • Opcode ID: 4e6c55149ff915fe4b431e28f4f5ae7b87e3bf3fb9ff022769733ecff2b70d9e
                                                                                                                                                                                                                • Instruction ID: 28e4a24d26271d4a74ff82976d54feae223c9156777f12a8b0404819d02166cf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e6c55149ff915fe4b431e28f4f5ae7b87e3bf3fb9ff022769733ecff2b70d9e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02D115B2A04209BEDB21DB60EC45FDB77BDAB48704F00447EF605A21D1D7B9AA44CB6D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040678F
                                                                                                                                                                                                                  • Part of subcall function 00402838: __EH_prolog.LIBCMT ref: 0040283D
                                                                                                                                                                                                                  • Part of subcall function 00402838: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000), ref: 00402866
                                                                                                                                                                                                                  • Part of subcall function 00402838: SetLastError.KERNEL32(?,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000104,?,00000000,00000000,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},00000001), ref: 004067EB
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                  • Part of subcall function 00402A71: __EH_prolog.LIBCMT ref: 00402A76
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                  • Part of subcall function 00422056: __EH_prolog.LIBCMT ref: 0042205B
                                                                                                                                                                                                                  • Part of subcall function 00422056: SearchPathA.KERNELBASE(00429A4C,00000000,00000000,00000104,00000000,00000000,?,?,00000104,?,00000000,?,00000000,00000000,?,004364B4), ref: 00422130
                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000044,00000000,00000000,?,?), ref: 004068B5
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000), ref: 0040697A
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 0040697D
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000), ref: 00406980
                                                                                                                                                                                                                • GetThreadContext.KERNEL32(?,?), ref: 004069C3
                                                                                                                                                                                                                • VirtualProtectEx.KERNEL32(?,?,00000A2D,00000040,?), ref: 00406A00
                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(?,?,?,00000A2D,00000000), ref: 00406A13
                                                                                                                                                                                                                • FlushInstructionCache.KERNEL32(?,?,00000A2D), ref: 00406A1E
                                                                                                                                                                                                                • SetThreadContext.KERNEL32(?,00010003), ref: 00406A2E
                                                                                                                                                                                                                • ResumeThread.KERNEL32(?), ref: 00406A37
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406A46
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406A4B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0040679B
                                                                                                                                                                                                                • explorer.exe, xrefs: 00406867
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast$Process$HandleThread$CloseContextCurrent$ByteCacheCharCreateDuplicateFileFlushInstructionMemoryModuleMultiNamePathProtectResumeSearchVirtualWideWritelstrlen
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$explorer.exe
                                                                                                                                                                                                                • API String ID: 457729373-2485455447
                                                                                                                                                                                                                • Opcode ID: f9534dd13c3f27fc933d0dfc5216a17117f50ec172d798abf9c2874d6723b71a
                                                                                                                                                                                                                • Instruction ID: d6044563f04a3845ff0ec1f8b803b775efdff4d9149c7d699bab9e73d32bf60e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9534dd13c3f27fc933d0dfc5216a17117f50ec172d798abf9c2874d6723b71a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB916CB2D00118AFDB11EBA4CD45ADEBBB8EF09304F0180AAE909B7291DB755E44CF64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409CFB
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(crypt32.dll,74DEF550,0043D348,00000000), ref: 00409D13
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CertCompareCertificate), ref: 00409D34
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CertAddSerializedElementToStore), ref: 00409D41
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CertFreeCertificateContext), ref: 00409D4E
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,?,00000000), ref: 00409D9C
                                                                                                                                                                                                                  • Part of subcall function 0040A013: SysStringLen.OLEAUT32(?), ref: 0040A021
                                                                                                                                                                                                                  • Part of subcall function 0040A013: SysReAllocStringLen.OLEAUT32(?,?,?), ref: 0040A03D
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,?,00000000,?,00000001), ref: 00409DCB
                                                                                                                                                                                                                  • Part of subcall function 00409F70: __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                  • Part of subcall function 00409F70: GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000080,00000000), ref: 00409DF1
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00409E2C
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 00409E53
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AddressByteCharFileH_prologMultiProcWide$String$AllocCreateLibraryLoadReadSizelstrlen
                                                                                                                                                                                                                • String ID: CertAddSerializedElementToStore$CertCompareCertificate$CertFreeCertificateContext$crypt32.dll$tdC$|dC
                                                                                                                                                                                                                • API String ID: 27910590-961027101
                                                                                                                                                                                                                • Opcode ID: add25a106bd6e72a6b6188fc1b354213254e7fcc7fb3f8acc63a32bbae6aae41
                                                                                                                                                                                                                • Instruction ID: 1a2ae17bae69c4aadf284063c773f88c501ba5c50d09d70af2f1d06ce5cced6b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: add25a106bd6e72a6b6188fc1b354213254e7fcc7fb3f8acc63a32bbae6aae41
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF715371D0414AEEDF11DFA5CC85AEEBBB8AB05314F14817AE111B32D2D7785E44CBA4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00417678
                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000002), ref: 004176B8
                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0041787C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • tdC, xrefs: 004176C6
                                                                                                                                                                                                                • {1C370964-514B-321C-7237-2B4FD86D8568}, xrefs: 004177F5, 00417805
                                                                                                                                                                                                                • {7E76A8D6-33D1-0032-16C3-4593092861D0}, xrefs: 004177BF
                                                                                                                                                                                                                • {E7E2C871-090A-C372-F9AE-C3C6A988D260}, xrefs: 00417786
                                                                                                                                                                                                                • {78705f0d-e8db-4b2d-8193-982bdda15ecd}, xrefs: 00417711
                                                                                                                                                                                                                • {021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}, xrefs: 004177EE
                                                                                                                                                                                                                • |dC, xrefs: 004176C1
                                                                                                                                                                                                                • 4$D, xrefs: 00417800
                                                                                                                                                                                                                • {F1B13231-13BE-1231-5401-486BA763DEB6}, xrefs: 00417759
                                                                                                                                                                                                                • {6741C120-01BA-87F9-8734-5FB9DA8A4445}, xrefs: 0041772A
                                                                                                                                                                                                                • {F279058C-50B2-4BE4-60C9-369CACF06821}, xrefs: 0041771B
                                                                                                                                                                                                                • {9B29D757-088E-E8C9-2535-AA319B92C00A}, xrefs: 00417707
                                                                                                                                                                                                                • Software\Microsoft\Active Setup\Installed Components\%s, xrefs: 00417836
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Variant$ChangeClearH_prologType
                                                                                                                                                                                                                • String ID: 4$D$Software\Microsoft\Active Setup\Installed Components\%s$tdC${021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}${1C370964-514B-321C-7237-2B4FD86D8568}${6741C120-01BA-87F9-8734-5FB9DA8A4445}${78705f0d-e8db-4b2d-8193-982bdda15ecd}${7E76A8D6-33D1-0032-16C3-4593092861D0}${9B29D757-088E-E8C9-2535-AA319B92C00A}${E7E2C871-090A-C372-F9AE-C3C6A988D260}${F1B13231-13BE-1231-5401-486BA763DEB6}${F279058C-50B2-4BE4-60C9-369CACF06821}$|dC
                                                                                                                                                                                                                • API String ID: 2549134154-4242822911
                                                                                                                                                                                                                • Opcode ID: 6eb1862402b596d47af675b65cab528a9f8a997a908a05bf0a1233106cb13291
                                                                                                                                                                                                                • Instruction ID: 4285387e50dc035f0646fada1e83cf06c99d8a568b60c95a607e00e43d563acb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eb1862402b596d47af675b65cab528a9f8a997a908a05bf0a1233106cb13291
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A551D770D05148EADB14DBA5C954BEEBBB8EB18304F10806FE516B32C2D7386F45CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(msi.dll,?,?,00000000), ref: 0041C479
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetProductInfoA), ref: 0041C488
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 0041C4C2
                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,?,?,00000024), ref: 0041C58B
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000), ref: 0041C60E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadMessageProclstrcmpi
                                                                                                                                                                                                                • String ID: 2$InstalledProductName$LATERVERSIONINSTALLED$MsiGetProductInfoA$ONUPGRADE$PackageCode$VersionString$msi.dll
                                                                                                                                                                                                                • API String ID: 4182792734-1382829369
                                                                                                                                                                                                                • Opcode ID: d16d14cd1a7d32673be0b351bd8138e0e1ef713b882002295f85dfd55c7ca0dd
                                                                                                                                                                                                                • Instruction ID: fbc1d78dae384902be125494ab0f59575b49889bf3c78ffbca3d9dc2b28bf623
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d16d14cd1a7d32673be0b351bd8138e0e1ef713b882002295f85dfd55c7ca0dd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 495184B2944218BADF21DB90DCC5FEEB7BCAB04704F10546BF105E2181D779AA89CF58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDlgItem.USER32(PED,000003EE), ref: 00410999
                                                                                                                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 004109AF
                                                                                                                                                                                                                • GetWindowTextA.USER32(00000000,00000409,0000007F), ref: 004109C4
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EF), ref: 004109CE
                                                                                                                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 004109DE
                                                                                                                                                                                                                • GetWindowTextA.USER32(00000000,00000409,0000007F), ref: 004109EF
                                                                                                                                                                                                                • GetDC.USER32(?), ref: 004109F4
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000409), ref: 00410A0B
                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00410A35
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00410A61
                                                                                                                                                                                                                • GetWindowPlacement.USER32(?,?), ref: 00410AC0
                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00410ADB
                                                                                                                                                                                                                • GetWindowPlacement.USER32(00000000,0000002C), ref: 00410AEB
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 00410B04
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Text$ItemLengthMovePlacement$RectReleaselstrlen
                                                                                                                                                                                                                • String ID: PED
                                                                                                                                                                                                                • API String ID: 164573090-1866647915
                                                                                                                                                                                                                • Opcode ID: f9cdbf7d14ed06865fd8a15cd3818a28bdf51e5ce09ddd8d5828627d7208a7e0
                                                                                                                                                                                                                • Instruction ID: 6e69f29222989c1f8b0177438d3dab89e518eea49ae9b7051f03af483fb62a21
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9cdbf7d14ed06865fd8a15cd3818a28bdf51e5ce09ddd8d5828627d7208a7e0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34413B72D00219BFDF119FE8CC84AEEBBB9FF08344F15416AE904A7250D7B59A80CB94
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00415E9A
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000000,00000001), ref: 00415EF0
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wsprintfA.USER32 ref: 00420493
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wvsprintfA.USER32(?,?,?), ref: 004204AE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologMessageSendwsprintfwvsprintf
                                                                                                                                                                                                                • String ID: 4$D$AM_AFFILIATE$ActiveMark.dat$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$PfC$x$x
                                                                                                                                                                                                                • API String ID: 483945354-3549740976
                                                                                                                                                                                                                • Opcode ID: 7c0ef4e7a2a310d543665fddbdc3f396e9a9c9b2cb1dac405e5868d2e854604d
                                                                                                                                                                                                                • Instruction ID: c52a9fb7bb47cef75847c84ff4e99dbd2a3aa7aaaaf1430522d10c105b230f7d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c0ef4e7a2a310d543665fddbdc3f396e9a9c9b2cb1dac405e5868d2e854604d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E602B671900259AFDB14DBA4CD85BEEB7B8AF14304F0044AEE505B7281DB789F88CF69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00421A02: __EH_prolog.LIBCMT ref: 00421A07
                                                                                                                                                                                                                  • Part of subcall function 00421A02: lstrcpyA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,?), ref: 00421A2B
                                                                                                                                                                                                                  • Part of subcall function 00421A02: lstrcpyA.KERNEL32(?,0x0409), ref: 00421A36
                                                                                                                                                                                                                  • Part of subcall function 00421A02: wsprintfA.USER32 ref: 00421A66
                                                                                                                                                                                                                  • Part of subcall function 00421A02: lstrlenA.KERNEL32(?,?,?,00442430,?,?,?), ref: 00421AAA
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00410C43
                                                                                                                                                                                                                • VerLanguageNameA.KERNEL32(?,?,0000007F,?,00000000,?), ref: 00410C68
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00410C7B
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,00000000,?), ref: 00410CA0
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000143,00000000,?), ref: 00410CB8
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000151,00000000,00000000), ref: 00410CD5
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,Slovenian,?,00000000,?), ref: 00410D0D
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,00000000,?), ref: 00410D2E
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000143,00000000,?), ref: 00410D45
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000151,00000000,00000000), ref: 00410D5E
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000014C,00000000,?), ref: 00410D88
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 00410D9C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$lstrcpy$lstrcmpi$H_prologLanguageNamelstrlenwsprintf
                                                                                                                                                                                                                • String ID: Basque$Slovenian
                                                                                                                                                                                                                • API String ID: 834212799-3822051040
                                                                                                                                                                                                                • Opcode ID: 832fd459c8d6329f2b616d612a7d08b63e21cc4582897cb2e8b4f9f55e7ec06e
                                                                                                                                                                                                                • Instruction ID: 3ce16d0234114f6fd98d1ea34f7253e441f5d161255cfae75086df8a0cd83c33
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 832fd459c8d6329f2b616d612a7d08b63e21cc4582897cb2e8b4f9f55e7ec06e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB518E71900219AFDB11CFA4DC85BFA77B8FB49314F50426AF518D61A0E3B8AAC58F54
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,00000000,?,00000000), ref: 00420F26
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,?,?,00000000), ref: 00420F32
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00415537
                                                                                                                                                                                                                  • Part of subcall function 00421000: lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,000000FF), ref: 0042104D
                                                                                                                                                                                                                  • Part of subcall function 00421000: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 0042106A
                                                                                                                                                                                                                  • Part of subcall function 00421000: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00421081
                                                                                                                                                                                                                  • Part of subcall function 00421000: PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00421097
                                                                                                                                                                                                                  • Part of subcall function 00421000: GetExitCodeProcess.KERNELBASE(?,00000001), ref: 004210B6
                                                                                                                                                                                                                  • Part of subcall function 00421000: CloseHandle.KERNEL32(?,?,?,?,?,?,000000FF), ref: 004210C7
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegOpenKeyExA.KERNELBASE(00000104,00000000,00000000,00000104,0041DD97,00000000,00000000,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104), ref: 0040F750
                                                                                                                                                                                                                  • Part of subcall function 0040F736: RegCloseKey.ADVAPI32(?,?,00421F70,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?,00000104,00000000,00000104), ref: 0040F761
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041556C
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,InstallerLocation,00000000,00000000,?,?,80000002,Software\Microsoft\Windows\CurrentVersion\Installer,00020019,00000000,00000001), ref: 0041565F
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 0041566C
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,80000002,Software\Microsoft\Windows\CurrentVersion\Installer,00020019,00000000,00000001), ref: 0041567B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Closelstrcpy$Processwsprintf$CodeCreateCurrentDirectoryExitHandleMessageMultipleObjectsOpenPeekQueryValueWait
                                                                                                                                                                                                                • String ID: "%s" /c:"msiinst /delayrebootq"$"%s" /q$"%s" /quiet /norestart$/c:"msiinst /delayrebootq"$/quiet /norestart$2.0.2600.0$InstallerLocation$Software\Microsoft\Windows\CurrentVersion\Installer
                                                                                                                                                                                                                • API String ID: 1577088261-1617498336
                                                                                                                                                                                                                • Opcode ID: 9097d7722fd7ec3d5722bfb0d3bea209ad9bc6e1998939aaf4ec6ada52fdc715
                                                                                                                                                                                                                • Instruction ID: ee2141dd46d3b24f9f7fca2764aae0a6b727face05cde45719e9d909a98e4351
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9097d7722fd7ec3d5722bfb0d3bea209ad9bc6e1998939aaf4ec6ada52fdc715
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E41D871A00215FBDF119B65DC49BDD3BA99F44304F10807BF545AA1D2DBBC8AC48B9D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,SetupBitmapCls,?,?,00000000), ref: 0041D81D
                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 0041D84E
                                                                                                                                                                                                                • GetClassInfoA.USER32(?,SetupBitmapCls,?), ref: 0041D86E
                                                                                                                                                                                                                • RegisterClassA.USER32(00000003), ref: 0041D87C
                                                                                                                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 0041D8C6
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0041D8D3
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0041D8E2
                                                                                                                                                                                                                • CreateWindowExA.USER32(00000080,SetupBitmapCls,SetupBitmapWin,86000000,?,?,?,?,00000000,00000000,?,00000000), ref: 0041D91B
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0041D927
                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,00000000,00000000), ref: 0041D935
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,00000000), ref: 0041D944
                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 0041D950
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$ClassMetricsSystem$CreateCursorErrorInfoLastLoadLongObjectRegisterShowUpdatelstrcpy
                                                                                                                                                                                                                • String ID: SetupBitmapCls$SetupBitmapWin
                                                                                                                                                                                                                • API String ID: 2500980582-250169166
                                                                                                                                                                                                                • Opcode ID: 5a73854f7b7b2eb16eb1aa8299e7963443fd1834ec69544777c890795032b755
                                                                                                                                                                                                                • Instruction ID: 03adcb7b7334545641dc8c2f861d4baf02efc3f5cfc7b3d02b557173f8e856db
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a73854f7b7b2eb16eb1aa8299e7963443fd1834ec69544777c890795032b755
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7411DB5A00605BFD714DFA5DD89BDEBBB8FB08300F10952AF609E6251D774A8408B68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00410ED5: __EH_prolog.LIBCMT ref: 00410EDA
                                                                                                                                                                                                                  • Part of subcall function 00410E40: __EH_prolog.LIBCMT ref: 00410E45
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000001,00444770,?,?,00000000,00000000,?,?,00410322,?,00000000,?,?,?,?), ref: 004103CF
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000,?,?,00410322,?,00000000,?,?,?,?,?), ref: 004103D6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: GlobalH_prolog$AllocLock
                                                                                                                                                                                                                • String ID: xGD
                                                                                                                                                                                                                • API String ID: 861400310-1797962929
                                                                                                                                                                                                                • Opcode ID: 1ceede24ddac4cbc76df8e10a897d8745e8f992436f5b1965118abc752188982
                                                                                                                                                                                                                • Instruction ID: d7dcfe272d038327ceb0a35ef24f1ae067e203113f989abb912cc915921f1e41
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ceede24ddac4cbc76df8e10a897d8745e8f992436f5b1965118abc752188982
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4317675600215EFDB10AFB5EC44A9B3BA9EB8A3617524436F915C3260D778D8C1CB2C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,?,?,?,00000000), ref: 00401090
                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,?,?,00000000,?,?,?,00000000), ref: 004010AA
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,0000000A,?,00000000,?,?,?,00000000), ref: 004010B8
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?,00000000), ref: 004010C6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$AllocCloseCreateGlobalHandleSize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2025735303-0
                                                                                                                                                                                                                • Opcode ID: d7f19996e4f572209dc80f7d6b4e55b37d92a17c9215315f30516a0a0e7abf6f
                                                                                                                                                                                                                • Instruction ID: d4c7a443f8fb40d079b90b9d6cba3231904a473565706b715bfdd1a7139a51b5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7f19996e4f572209dc80f7d6b4e55b37d92a17c9215315f30516a0a0e7abf6f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4351A171600205BBEB219F64DC09B5B7BA4EB09361F21C66AF656EA2F0C778D940CB5C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000001,SOFTWARE\Netscape\Netscape Navigator\Proxy Information,Z3B), ref: 004238E2
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(Z3B,Proxy Type,00000000,00000000,?,?), ref: 0042394E
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000001,0000003D,00000000,00000000,?,00000004), ref: 0042398E
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043F074), ref: 004239A9
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 004239B9
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000001,786F7250,00000000,00000000,?,00000100), ref: 004239D4
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043F00C), ref: 004239E6
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,0043DFB0,?), ref: 004239F7
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00423A05
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043DAC8), ref: 00423A1A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcat$QueryValue$Openlstrlenwsprintf
                                                                                                                                                                                                                • String ID: Proxy Type$SOFTWARE\Netscape\Netscape Navigator\Proxy Information$Z3B
                                                                                                                                                                                                                • API String ID: 4042173901-2544801564
                                                                                                                                                                                                                • Opcode ID: 8cb46d8937ddc8c835bf3a3fe2ebbdfef7dd7219b1ca33fdf6c4e3c34022c062
                                                                                                                                                                                                                • Instruction ID: f12e638fd84184c193fa252f82b18c0cf175a507da21a95ff683e736c46fa01f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cb46d8937ddc8c835bf3a3fe2ebbdfef7dd7219b1ca33fdf6c4e3c34022c062
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F512BB1E00229EBDF15CF94DC45BDEBBB8AF08304F1090A6E644B6251D7799B48CF98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(?,000003E8), ref: 0040F99F
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0040F9A8
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 0040F9B2
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 0040F9B6
                                                                                                                                                                                                                • SetRect.USER32(00000400,00000000,00000000,00000000), ref: 0040F9BF
                                                                                                                                                                                                                • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 0040F9F6
                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 0040F9FF
                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0040FA15
                                                                                                                                                                                                                • IntersectRect.USER32(?,?,00000400), ref: 0040FA23
                                                                                                                                                                                                                • SubtractRect.USER32(00000400,?,?), ref: 0040FA3F
                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,?,000003E8,0000001E,00000000,00000000,00000005,0000001E), ref: 0040FA7F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: RectWindow$MetricsSystem$FindIntersectSubtract
                                                                                                                                                                                                                • String ID: F$Shell_TrayWnd
                                                                                                                                                                                                                • API String ID: 301737298-1447713892
                                                                                                                                                                                                                • Opcode ID: fe6ff8c4712b69a9fdd0bf4f60218ac9525740fba9308a348f01eee37a1ec573
                                                                                                                                                                                                                • Instruction ID: d4245017ea7ccba689e50257c5bca597ec71994da8b28e86b9cdca5da92b7e14
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe6ff8c4712b69a9fdd0bf4f60218ac9525740fba9308a348f01eee37a1ec573
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E31CBB2D00209AFDB10DFE8DD88EEFBBBDEB48715F158026E911B7250D674A9058F64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DefWindowProcA.USER32(?,?,?,?), ref: 0040A561
                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EB), ref: 0040A57A
                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 0040A58A
                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040A5A9
                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EB), ref: 0040A5B9
                                                                                                                                                                                                                • ctype.LIBCPMT ref: 0040A5CB
                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000EB,00000000), ref: 0040A5F0
                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040A600
                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 0040A60D
                                                                                                                                                                                                                • __ftol.LIBCMT ref: 0040A62D
                                                                                                                                                                                                                • __ftol.LIBCMT ref: 0040A63C
                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000256), ref: 0040A64D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Long$ClientPaint__ftol$BeginProcRectScreenctype
                                                                                                                                                                                                                • String ID: GIF
                                                                                                                                                                                                                • API String ID: 1302359729-881873598
                                                                                                                                                                                                                • Opcode ID: 91bfdcbd1fec9f2448bd70e9dfedd2a130df28354c005f0ab24ed3982df5faeb
                                                                                                                                                                                                                • Instruction ID: 0b9c365b5d92b88b7683cc0d783e8b6bf6f499540459b0c4f5a57f3be30bdbb4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91bfdcbd1fec9f2448bd70e9dfedd2a130df28354c005f0ab24ed3982df5faeb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3031B03250420ABFCF015FA0DC09EAE3B79FF44720F158236F922A61F0CB7699219B59
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00442430,00000000,?,?), ref: 0041C693
                                                                                                                                                                                                                  • Part of subcall function 0041C61C: lstrlenA.KERNEL32(?,?,?,?,?,?,0041C6AC,?,REINSTALL,?,?), ref: 0041C62D
                                                                                                                                                                                                                  • Part of subcall function 0041C61C: lstrlenA.KERNEL32(?,?,?,?,?,?,0041C6AC,?,REINSTALL,?,?), ref: 0041C635
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?, REINSTALL=ALL,?,REINSTALL,?,?), ref: 0041C6C2
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?, REINSTALLMODE=vomus ,?,REINSTALLMODE,?,REINSTALL,?,?), ref: 0041C6E1
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?, IS_MINOR_UPGRADE=1,?,IS_MINOR_UPGRADE,?,REINSTALLMODE,?,REINSTALL,?,?), ref: 0041C700
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,IS_MINOR_UPGRADE,?,REINSTALLMODE,?,REINSTALL,?,?), ref: 0041C709
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043DAC8,?,?), ref: 0041C719
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?,?,?), ref: 0041C723
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcat$lstrlen$lstrcpy
                                                                                                                                                                                                                • String ID: IS_MINOR_UPGRADE=1$ REINSTALL=ALL$ REINSTALLMODE=vomus $IS_MINOR_UPGRADE$REINSTALL$REINSTALLMODE
                                                                                                                                                                                                                • API String ID: 1797936820-1374138384
                                                                                                                                                                                                                • Opcode ID: 7a85afe8d238317717dcf21dc6f1eef201e624e85e1649add021e5016ab12d8e
                                                                                                                                                                                                                • Instruction ID: 7af558fb62973b3d3fba47726e6265c27888e5ddeab7907098ec436c15aaab4d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a85afe8d238317717dcf21dc6f1eef201e624e85e1649add021e5016ab12d8e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6011E7F1B8021937EA10A6629DC6FEF77AD9B94745F001067B605D20C0E7BCD9858B58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00407AED
                                                                                                                                                                                                                  • Part of subcall function 00407CFF: lstrlenA.KERNEL32(?,?,00000000,00407B04,?,?,00000000), ref: 00407D08
                                                                                                                                                                                                                • CopyFileA.KERNEL32(?,?,00000000), ref: 00407B10
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,00000400), ref: 00407B4E
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,00000400), ref: 00407B5C
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000400), ref: 00407B7B
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000400), ref: 00407B90
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00407A9C,?,00000000,?), ref: 00407BD6
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00407BFA
                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00407C11
                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 00407C33
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocByteCharMessageMultiStringWide$CopyCreateDispatchFileH_prologMultipleObjectsPeekThreadWaitlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3407787643-0
                                                                                                                                                                                                                • Opcode ID: 2ec77a9a0ad9080962d51deac1668ca0af4c7d8c1c654d47e5ec6e5a88a93a9f
                                                                                                                                                                                                                • Instruction ID: 92bcefd60bbebe537550c4c8f931e5ab2538df603c358cd932c0645a3959d07c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ec77a9a0ad9080962d51deac1668ca0af4c7d8c1c654d47e5ec6e5a88a93a9f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F651B171904205BFDB10AF71CC44EAB7BB9EF04364F10853AF519A61E1C7386A41CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409B71
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 00409B96
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,000000FF,00000000,00000000), ref: 00409BD7
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,000000FF,00000000,?), ref: 00409BFC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTHelperProvDataFromStateData), ref: 00409C66
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTHelperGetProvSignerFromChain), ref: 00409C7E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTHelperGetProvCertFromChain), ref: 00409C9D
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: __EH_prolog.LIBCMT ref: 00409CFB
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: LoadLibraryA.KERNEL32(crypt32.dll,74DEF550,0043D348,00000000), ref: 00409D13
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: GetProcAddress.KERNEL32(00000000,CertCompareCertificate), ref: 00409D34
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: GetProcAddress.KERNEL32(?,CertAddSerializedElementToStore), ref: 00409D41
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: GetProcAddress.KERNEL32(?,CertFreeCertificateContext), ref: 00409D4E
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,?,00000000), ref: 00409D9C
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,?,00000000,?,00000001), ref: 00409DCB
                                                                                                                                                                                                                  • Part of subcall function 00409CF6: CreateFileA.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000080,00000000), ref: 00409DF1
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$ByteCharMultiWide$H_prolog$CreateFileLibraryLoad
                                                                                                                                                                                                                • String ID: <$WTHelperGetProvCertFromChain$WTHelperGetProvSignerFromChain$WTHelperProvDataFromStateData$WinVerifyTrust
                                                                                                                                                                                                                • API String ID: 3749893794-2103055557
                                                                                                                                                                                                                • Opcode ID: c5c0d6533726a04102a9b23130ce83cb7d8e6289a8ada864f646cc54a339605b
                                                                                                                                                                                                                • Instruction ID: bcd986192346ffdc428793df080cb70ad7b685c49c60d69ecb89292fa5f7fcc1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5c0d6533726a04102a9b23130ce83cb7d8e6289a8ada864f646cc54a339605b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B5115B1D04218AEDB01DFA5DC85AEEBBB8FF08354F60412AF414B7292C7799E448B64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00411052: wsprintfA.USER32 ref: 00411064
                                                                                                                                                                                                                  • Part of subcall function 00411052: CharNextA.USER32(?,Title), ref: 0041108E
                                                                                                                                                                                                                  • Part of subcall function 00411052: CharNextA.USER32(00000000), ref: 00411091
                                                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 004107E0
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00004E21), ref: 0041085D
                                                                                                                                                                                                                • GetWindowPlacement.USER32(00000000,?), ref: 00410871
                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00410888
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003ED), ref: 00410894
                                                                                                                                                                                                                • EndDialog.USER32(?,000000FD), ref: 004108B9
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000146,00000000,00000000), ref: 004108F1
                                                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 0041090B
                                                                                                                                                                                                                  • Part of subcall function 00410B0B: GetWindowRect.USER32(00410919,?), ref: 00410B1B
                                                                                                                                                                                                                  • Part of subcall function 00410B0B: GetParent.USER32(00410919), ref: 00410B30
                                                                                                                                                                                                                  • Part of subcall function 00410B0B: GetSystemMetrics.USER32(00000000), ref: 00410B3B
                                                                                                                                                                                                                  • Part of subcall function 00410B0B: GetSystemMetrics.USER32(00000001), ref: 00410B4C
                                                                                                                                                                                                                  • Part of subcall function 00410B0B: MoveWindow.USER32(00410919,?,?,?,?,00000000,?,?,?,00410919,?), ref: 00410B84
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$CharDialogItemMetricsNextSystem$DestroyMessageMoveParentPlacementRectSendTextwsprintf
                                                                                                                                                                                                                • String ID: ,$CANCEL$Description$Title
                                                                                                                                                                                                                • API String ID: 3210215166-3913340754
                                                                                                                                                                                                                • Opcode ID: d3259cb76fb1d02c1798ea420f7a752d81d2e579bbfb8de50868e6d14f3e3cf2
                                                                                                                                                                                                                • Instruction ID: 8d9602453b0b63764edcac48bb1b6d6812f4e9e9f725ce4d8122e2141b72368d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3259cb76fb1d02c1798ea420f7a752d81d2e579bbfb8de50868e6d14f3e3cf2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E41DA75A00250BFE7116BA5EC41FEB37ADEB86714F014036FA00E61A1E7BC99C18B6D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041676C
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(Msi.DLL,00000001,?,?,?,?,?,?,?,?,00000000), ref: 0041677A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiOpenDatabaseA), ref: 004167A3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiGetSummaryInformationA), ref: 004167C2
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiCloseHandle), ref: 004167CC
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MsiSummaryInfoGetPropertyA), ref: 004167F4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$H_prologLibraryLoad
                                                                                                                                                                                                                • String ID: H$Msi.DLL$MsiCloseHandle$MsiGetSummaryInformationA$MsiOpenDatabaseA$MsiSummaryInfoGetPropertyA
                                                                                                                                                                                                                • API String ID: 1497772292-2739935362
                                                                                                                                                                                                                • Opcode ID: 2f651fb38727d762c3b640cd8dba67f64d0a3f33deadb3e47f3eba0e194ffca7
                                                                                                                                                                                                                • Instruction ID: c8f092e18bceee43ae4e7dc7b184fc045c5df2a948df3a5b6d09f448fbc923ff
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f651fb38727d762c3b640cd8dba67f64d0a3f33deadb3e47f3eba0e194ffca7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02219F3190221ABADF11ABE9CC05FEFBFB8EF48740F11406AE504B1195D778DA41CBA9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00411ECB
                                                                                                                                                                                                                  • Part of subcall function 0041146F: __EH_prolog.LIBCMT ref: 00411474
                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00411F44
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: __EH_prolog.LIBCMT ref: 00403BC5
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: GetLastError.KERNEL32(004364B4,00000001,004364BC,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403BEE
                                                                                                                                                                                                                  • Part of subcall function 00403BC0: SetLastError.KERNEL32(?,00000000,00000000,00000000,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403C43
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast$FreeLocalStringTime
                                                                                                                                                                                                                • String ID: AM_INSTALLTIME="$%04d/%02d/%02d@%02d:%02d:%02d$AM_AFFILIATE$AM_CONTENTID$AM_CURRENCY$AM_OTP$AM_PRICE$AM_TIMESTAMP$AM_TRACKINGID
                                                                                                                                                                                                                • API String ID: 1017348598-2762668861
                                                                                                                                                                                                                • Opcode ID: 960e46a9dc7e6e33f0bcf3d37b2d53b43d15717617e32126ecfa9569ba4acd88
                                                                                                                                                                                                                • Instruction ID: 0d79f04a64742c854f85855d8209aad0a7ec7cfab197170d65232ed9fb8364e3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 960e46a9dc7e6e33f0bcf3d37b2d53b43d15717617e32126ecfa9569ba4acd88
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11C154B1C0515CEADB11E7A5CD45BDEBBBCAF19308F04409AF809B3181EB785B489B76
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041F290
                                                                                                                                                                                                                  • Part of subcall function 004185A0: __EH_prolog.LIBCMT ref: 004185A5
                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,0000003B,?,02151168,00000000,00000000), ref: 0041F38B
                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,00000000,?,00000104,?,00000000), ref: 0041F3D5
                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(00000000,IS_,00000000,00000000,?,00000104), ref: 0041F417
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104), ref: 0041F437
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: __EH_prolog.LIBCMT ref: 0040B6E5
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: GetLastError.KERNEL32(00436474,00000001,0043647C,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000,00000001), ref: 0040B70E
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: SetLastError.KERNEL32(?,00000000,00000000,00000000,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 0040B763
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0041F483
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0041F52C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLast$H_prolog$FreeNameStringTemp$AttributesDeleteModulePath
                                                                                                                                                                                                                • String ID: ISSetup.dll$IS_$tdC$|dC
                                                                                                                                                                                                                • API String ID: 903564922-1606581975
                                                                                                                                                                                                                • Opcode ID: b920029b179334780e75f6fbc6b2676d59bd3e6b90dbb5bc2ff805ab3c6de96e
                                                                                                                                                                                                                • Instruction ID: a65717763d4b66b7593e0c0d6f96dc7f2a94b8980c342f2635d750f29b9be371
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b920029b179334780e75f6fbc6b2676d59bd3e6b90dbb5bc2ff805ab3c6de96e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7A18271C01259EFCF01EBA5C884ADDBBB9BF14304F5440AEE405B3292DB385A49CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00421A07
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,?), ref: 00421A2B
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,0x0409), ref: 00421A36
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,Languages,?), ref: 00421A53
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00421A66
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,00442430,?,?,?), ref: 00421AAA
                                                                                                                                                                                                                • VerLanguageNameA.KERNEL32(?,?,?), ref: 00421ACB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Languages, xrefs: 00421A4D
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 00421A25
                                                                                                                                                                                                                • 0x0409, xrefs: 00421A30
                                                                                                                                                                                                                • %#04x, xrefs: 00421A60
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$H_prologLanguageNamelstrlenwsprintf
                                                                                                                                                                                                                • String ID: %#04x$0x0409$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Languages
                                                                                                                                                                                                                • API String ID: 4009380564-480087682
                                                                                                                                                                                                                • Opcode ID: 89e7def1cc253909c305adfd8685bc471602c5b9ad7831e71222790c310ab239
                                                                                                                                                                                                                • Instruction ID: efe459d2ee1a0a5bb05c94ddedc6aaf236c52ec94a0a20cbbb832f68767b1155
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89e7def1cc253909c305adfd8685bc471602c5b9ad7831e71222790c310ab239
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30215C72E01119BBCF01EFE0ED45BEDB778AF18304F50806BF911A6191D778AA48CB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040AB40
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 0040AB5A
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000400,?,00000400,?,00000000,02151168,00000000), ref: 0040ABCE
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AddressFileFreeH_prologModuleNameProcString
                                                                                                                                                                                                                • String ID: 4$D$ProductCode$RunISMSISetup$Startup$setup.ini$tdC$|dC
                                                                                                                                                                                                                • API String ID: 2162219923-1061493180
                                                                                                                                                                                                                • Opcode ID: 4ebda68ac808b7d463d11fe6e597bbea628e03cedd31aaa04ddf901241631caa
                                                                                                                                                                                                                • Instruction ID: e7c3e7625cfcb191eab71a37f070d79fea972b1d58ca764fe9aab2b69f523430
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ebda68ac808b7d463d11fe6e597bbea628e03cedd31aaa04ddf901241631caa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A81A270D01149EEDB04EBA5C955BDEBB74AF14304F1080AEE509B32D2DB781F09CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,00437228,00000001,00000000,00000000,74DEE860,00446CEC,?,?,?,0042AC67,?,?,?,00000000), ref: 00430318
                                                                                                                                                                                                                • LCMapStringA.KERNEL32(00000000,00000100,00437224,00000001,00000000,00000000,?,?,0042AC67,?,?,?,00000000,00000001), ref: 00430334
                                                                                                                                                                                                                • LCMapStringA.KERNEL32(?,?,?,0042AC67,?,?,74DEE860,00446CEC,?,?,?,0042AC67,?,?,?,00000000), ref: 0043037D
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,lD,?,0042AC67,00000000,00000000,74DEE860,00446CEC,?,?,?,0042AC67,?,?,?,00000000), ref: 004303B5
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,0042AC67,?,00000000,?,?,0042AC67,?), ref: 0043040D
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0042AC67,?), ref: 00430423
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0042AC67,?), ref: 00430456
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0042AC67,?), ref: 004304BE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 352835431-1556624830
                                                                                                                                                                                                                • Opcode ID: 15148240ff874f905adc8f4693f494adc69a48beb72f8d7d9a7a7c510a0b7cd9
                                                                                                                                                                                                                • Instruction ID: 6e256766d49d2e70a394d71427fcc63910274e48857865b353ea10c3ed132248
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15148240ff874f905adc8f4693f494adc69a48beb72f8d7d9a7a7c510a0b7cd9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17518F31500209FFDF229F54DC45A9F7FB4FB59B54F10922AF914A2261D33A8E10DB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext$H_prologwsprintf
                                                                                                                                                                                                                • String ID: %s%d$Languages$count$key$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1310451597-395450139
                                                                                                                                                                                                                • Opcode ID: ce5c91c8d29a5833ce9770723932ab76c64a831b885768281e3542e6d29988e5
                                                                                                                                                                                                                • Instruction ID: c9576ae8c71d021be8c21733e53e21b96fcd66815fc44989bd1b0628bb37f4ef
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce5c91c8d29a5833ce9770723932ab76c64a831b885768281e3542e6d29988e5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB615271D0025CEADB11DBA4CC51BDEB778AF18314F1040BAE509B72C2DB785B89CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharNextA.USER32(?,tempdisk1folder,?,00000000), ref: 0040EC8D
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,%IS_T%,?,tempdisk1folder,?,00000000), ref: 0040EC9B
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000000,?,?,?,?,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F,?,tempdisk1folder,?,00000000), ref: 0040ED0B
                                                                                                                                                                                                                • RegDeleteValueA.ADVAPI32(?,00000000,?,?,?,?,?,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F,?,tempdisk1folder,?,00000000), ref: 0040ED24
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F,?,tempdisk1folder,?,00000000), ref: 0040ED38
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F,?,tempdisk1folder,?,00000000), ref: 0040ED48
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrlenA.KERNEL32(?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1BA
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1D6
                                                                                                                                                                                                                  • Part of subcall function 0041C1B0: lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1DE
                                                                                                                                                                                                                  • Part of subcall function 0040F36B: __EH_prolog.LIBCMT ref: 0040F370
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,80000002,Software\Microsoft\Windows\CurrentVersion,000F003F,?,tempdisk1folder,?,00000000), ref: 0040ED7B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$Valuelstrcpy$CharDeleteH_prologNextQuerylstrcmplstrlen
                                                                                                                                                                                                                • String ID: %IS_T%$Software\Microsoft\Windows\CurrentVersion$tempdisk1folder
                                                                                                                                                                                                                • API String ID: 2302879836-2587550752
                                                                                                                                                                                                                • Opcode ID: e09d734024c7f58a9432d6aa39a75d5ad26672cda3ea65392ef9d2b2b8a95105
                                                                                                                                                                                                                • Instruction ID: 28c4b8f0c037b01678285ea8ef2dc077e56a535634d23eaa914cb641efa6de59
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e09d734024c7f58a9432d6aa39a75d5ad26672cda3ea65392ef9d2b2b8a95105
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6331AB3190412AEFDB10DFA5CC86AEEBB78FF04344F10443BE516B62E1CB785A45CA98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040E6BB
                                                                                                                                                                                                                  • Part of subcall function 00406B7B: __EH_prolog.LIBCMT ref: 00406B80
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,00000452,?,EvalMarker.dat,?,?,?,00000000,00000000), ref: 0040E715
                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,?,Evaluation,00000000), ref: 0040E748
                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,This Setup was created with a BETA VERSION of InstallShield,Beta,00000000), ref: 0040E79C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologMessage$lstrlen
                                                                                                                                                                                                                • String ID: Beta$BetaMarker.dat$EvalMarker.dat$Evaluation$This Setup was created with a BETA VERSION of InstallShield$This Setup was created with an EVALUATION VERSION of InstallShield
                                                                                                                                                                                                                • API String ID: 462305206-698052042
                                                                                                                                                                                                                • Opcode ID: 0ad345bea54cc22e361a899b8be7b9ffc22e4646a86a914c0179659135432077
                                                                                                                                                                                                                • Instruction ID: 174bb80637deb6f7fa4484994e3b3dce9c50fb9d4f30f20d646532b5821cf6b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ad345bea54cc22e361a899b8be7b9ffc22e4646a86a914c0179659135432077
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD21F735900611ABCB21A723AC46E6F7B74EB95369F10443FF402B31D2DB3C5951DA5D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,00437228,00000001,00000000,00000000,02151168,00000002,00446CEC,?,?,?,00000000,02151168,00000000,00000000), ref: 0042CC8D
                                                                                                                                                                                                                • LCMapStringA.KERNEL32(00000000,00000100,00437224,00000001,00000000,00000000), ref: 0042CCA9
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,02151168,00000000,?,?,?,02151168,00000002,00446CEC,?,?,?,00000000,02151168,00000000,00000000), ref: 0042CCF2
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(lD,00000220,00000000,?,00000000,00000000,00000000,00000000,02151168,00000002,00446CEC,?,?,?,00000000,02151168), ref: 0042CD25
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000220,?,?,?,?,00000000,00000000), ref: 0042CD7C
                                                                                                                                                                                                                • LCMapStringA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 0042CD98
                                                                                                                                                                                                                • LCMapStringA.KERNEL32(?,00000000,?,?,?,00000000), ref: 0042CDEE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 352835431-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: LoadLibraryA.KERNEL32(wininet.dll,00000000,004087FF,?,00000000,?,00408A30,?,00000000,?,00000000,00000001,00000000), ref: 00422BB2
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(00000000,InternetOpenA), ref: 00422BD2
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetOpenUrlA), ref: 00422BE4
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetConnectA), ref: 00422BF6
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetCrackUrlA), ref: 00422C08
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetCreateUrlA), ref: 00422C1A
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetCloseHandle), ref: 00422C2C
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetReadFile), ref: 00422C3E
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00422C50
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(FtpFindFirstFileA), ref: 00422C62
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetGetLastResponseInfoA), ref: 00422C74
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetSetOptionA), ref: 00422C86
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetGetConnectedState), ref: 00422C98
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetAutodial), ref: 00422CAA
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetErrorDlg), ref: 00422CBC
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(HttpOpenRequestA), ref: 00422CCE
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(HttpSendRequestA), ref: 00422CE0
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(HttpSendRequestExA), ref: 00422CF2
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(HttpEndRequestA), ref: 00422D04
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetQueryOptionA), ref: 00422D16
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetQueryDataAvailable), ref: 00422D28
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetCanonicalizeUrlA), ref: 00422D3A
                                                                                                                                                                                                                  • Part of subcall function 00422B9D: GetProcAddress.KERNEL32(InternetGetCookieA), ref: 00422D4C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00002EE6,?,00000000,00000001), ref: 00424CE8
                                                                                                                                                                                                                  • Part of subcall function 00422F8E: SetLastError.KERNEL32(0000007F,00424EDF,?,00000000,00000000,0000003C,00000000,00000001,?,00424CB3,?,00000000,00000001), ref: 00422FA6
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00424D6B
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,00000000,00000001), ref: 00424DB3
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?,?,?,?,00000000,00000001), ref: 00424DC7
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00000001), ref: 00424DCC
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 00424DE2
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,?), ref: 00424DEF
                                                                                                                                                                                                                  • Part of subcall function 00422F12: SetLastError.KERNEL32(0000007F), ref: 00422F2D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$ErrorLast$lstrcpylstrlen$LibraryLoadlstrcatlstrcmpi
                                                                                                                                                                                                                • String ID: <$GET
                                                                                                                                                                                                                • API String ID: 4248792880-427699995
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004126F8
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 004185A0: __EH_prolog.LIBCMT ref: 004185A5
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,0000002C,00000001,?,?,00000001,?,?,00000104), ref: 00412782
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,langpack.exe), ref: 004127A3
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,?,00000001), ref: 004127DF
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,vjredist20-LP.exe), ref: 00412800
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcatlstrcpy$ByteCharErrorLastMultiWidelstrlen
                                                                                                                                                                                                                • String ID: langpack.exe$langpack20.exe$vjredist-LP.exe$vjredist20-LP.exe
                                                                                                                                                                                                                • API String ID: 2742542527-1679877701
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041307A
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000001,InstallerLocation,00000000,?,?,00000000,80000002,Software\Microsoft\Windows\CurrentVersion\Installer,00020019,DotNetDelayReboot,0043DDF0,?,00000010,1.1,00000000,00000000), ref: 004131C8
                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?), ref: 004131D5
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000001,Software\Microsoft\Windows\CurrentVersion\Installer,00020019,DotNetDelayReboot,0043DDF0,?,00000010,1.1,00000000,00000000), ref: 004131E4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCurrentDirectoryH_prologQueryValue
                                                                                                                                                                                                                • String ID: 1.1$DotNetDelayReboot$InstallerLocation$Software\Microsoft\Windows\CurrentVersion\Installer$y
                                                                                                                                                                                                                • API String ID: 455272628-1945290866
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0042311F: SetLastError.KERNEL32(0000007F,00424B50,00000000,00000000,?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001), ref: 00423137
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001,00000000,00000001), ref: 00424B6E
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00424BAB
                                                                                                                                                                                                                • lstrcatA.KERNEL32(004364BC,?,?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001,00000000,00000001), ref: 00424BC5
                                                                                                                                                                                                                • ResetEvent.KERNEL32(?,?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001,00000000,00000001,00000000), ref: 00424BD3
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00424766,00000000,?,?,00000000,?,0041A519,00000001,00000000,00000001,00000000,?,00411526,?,00000027), ref: 00424BFD
                                                                                                                                                                                                                  • Part of subcall function 0042314C: SetLastError.KERNEL32(0000007F,00424B68,?,00000000,?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001), ref: 00423164
                                                                                                                                                                                                                • ResetEvent.KERNEL32(?,?,00002F00,?,?,00424766,00000000,?,?,00000000,?,0041A519,00000001,00000000,00000001,00000000), ref: 00424C4F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$EventReset$lstrcatwsprintf
                                                                                                                                                                                                                • String ID: A$Range: bytes=%d-$Range: bytes=%d-
                                                                                                                                                                                                                • API String ID: 4195990047-4039695729
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDlgItemTextA.USER32(?,000003E8,?,00000064), ref: 0041AFA4
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 0041AFB3
                                                                                                                                                                                                                  • Part of subcall function 0041AF1A: wsprintfA.USER32 ref: 0041AF38
                                                                                                                                                                                                                  • Part of subcall function 0041AF1A: lstrcmpA.KERNEL32(?,?), ref: 0041AF49
                                                                                                                                                                                                                • EnableWindow.USER32(00000000,?), ref: 0041AFD3
                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 0041AFE0
                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 0041AFF6
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 0041B00F
                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 0041B068
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Item$DialogEnableWindow$Textlstrcmpwsprintf
                                                                                                                                                                                                                • String ID: Cancel$Password
                                                                                                                                                                                                                • API String ID: 2389365585-713941611
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00408E02
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00436F5C,00000000,?,004083E1), ref: 00408E2F
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00436F5C,00000000,?,004083E1), ref: 00408E69
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(00000000), ref: 00408E77
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00408E84
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00436F5C,00000000,?,004083E1), ref: 00408E96
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$String$AllocH_prolog
                                                                                                                                                                                                                • String ID: @eC$HeC$HeC
                                                                                                                                                                                                                • API String ID: 1014970518-2250954990
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0042FFBA,?,Microsoft Visual C++ Runtime Library,00012010,?,004374F0,?,00437540,?,?,?,Runtime Error!Program: ), ref: 00431C0A
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00431C22
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00431C33
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00431C40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                • String ID: @uC$GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                                                                                • API String ID: 2238633743-1671037227
                                                                                                                                                                                                                • Opcode ID: 8ec34cb2ca066ebb8bb96c2ad777df5e64e8d904378c65f0043e55f64c49521a
                                                                                                                                                                                                                • Instruction ID: 21eab27e6d0fbc1a81f9b046c308e3c963234c9d9a73d60ab7cc12cd4c47e425
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ec34cb2ca066ebb8bb96c2ad777df5e64e8d904378c65f0043e55f64c49521a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC014475744712AFDB11AFB59C849277EE8EA4E791B18343BA140C2232DF78C811DF68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowLongA.USER32(?,00000000), ref: 0041D96F
                                                                                                                                                                                                                • DefWindowProcA.USER32(?,00000002,?,?), ref: 0041D9A0
                                                                                                                                                                                                                • GetDC.USER32(?), ref: 0041D9BE
                                                                                                                                                                                                                • SelectPalette.GDI32(00000000,?,00000000), ref: 0041D9C8
                                                                                                                                                                                                                • RealizePalette.GDI32(00000000), ref: 0041D9CF
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0041D9E2
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0041D9ED
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0041DA09
                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 0041DA19
                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0041DA3C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: PaintPaletteReleaseWindow$BeginLongProcRealizeSelect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1992308970-0
                                                                                                                                                                                                                • Opcode ID: 0da43d5207372106877151cae9fbf2ffb43aa001c7fb7c11bf232281352f0581
                                                                                                                                                                                                                • Instruction ID: bfdc3f22ba41e9e1c8685eb7bff1e981e78ea3e0fdbf088c55b85e6da025c381
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0da43d5207372106877151cae9fbf2ffb43aa001c7fb7c11bf232281352f0581
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C431B1B2800205BBCB22AFA5CC48EFF7BB9FF45740F05842AF90591160C739D8A1DB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00442430,00000000,00000104,00000000,00442430,00000104), ref: 0041246C
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00412476
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0041248B
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00412492
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00412499
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043DAC8), ref: 004124C6
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 004124CC
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 004124D7
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00000000), ref: 004124E1
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 004124EC
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcatlstrlen$H_prolog
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1205604976-0
                                                                                                                                                                                                                • Opcode ID: f963466d844bf4471207eb7732be05a5ab68c4bc6b2dc4525a0ea6410a7068b8
                                                                                                                                                                                                                • Instruction ID: ea915357a62374a6a95c131a4529bea00cd78616248b9a70fdf1f109a28c8ef6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f963466d844bf4471207eb7732be05a5ab68c4bc6b2dc4525a0ea6410a7068b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D219472A0021DBBDF219F61CD85AEF7FA9AB44350F04807BFA0496150D6B9D9A1CF94
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext$H_prologlstrcpy
                                                                                                                                                                                                                • String ID: /uninst$uninst
                                                                                                                                                                                                                • API String ID: 657457634-947040270
                                                                                                                                                                                                                • Opcode ID: a05118d561bc944db2f1da50549dd7d5aa8afbec9ff4090d27a816457bb8637f
                                                                                                                                                                                                                • Instruction ID: 2972e0ab8b37ab7594396d43717b7634baa6c8f9651d0474a8b37385abaa59e6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a05118d561bc944db2f1da50549dd7d5aa8afbec9ff4090d27a816457bb8637f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F31106B194411AAAC7289B1ADC49FFE2B69EF45344F14443FF006A62D0CB3C49839B5A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologwsprintf
                                                                                                                                                                                                                • String ID: 1033$UseDotNetUI$y
                                                                                                                                                                                                                • API String ID: 1529278910-1376376707
                                                                                                                                                                                                                • Opcode ID: ccd429ef1b61829d67e0ebd72d861fa61ae7a5d54f8bd66b2477628eea99efcd
                                                                                                                                                                                                                • Instruction ID: cac3ca5eb93155f9d7a9c716e82c3d0dda47a6cdb5e9a82197c00acc25662d01
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccd429ef1b61829d67e0ebd72d861fa61ae7a5d54f8bd66b2477628eea99efcd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2B10471908249EFCF11DFA4CC91ADEBBB5AF05314F1080AFE815A7281DB385A84CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041D458
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041D54F
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeStringwsprintf
                                                                                                                                                                                                                • String ID: %s$ %s"%s"$ %s%s$auto$no_engine
                                                                                                                                                                                                                • API String ID: 596253847-2763530121
                                                                                                                                                                                                                • Opcode ID: 341c9457b32b4280d7b93e4715a7aca5bd9558db42e59976b9098523874ea40f
                                                                                                                                                                                                                • Instruction ID: f147aa08387fd41411ac16ccd33d434808ae542329e0ae0367a0f562add45bb1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 341c9457b32b4280d7b93e4715a7aca5bd9558db42e59976b9098523874ea40f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1981F4B1D00249BAEF19DBA4CC51AEE7778AF15318F1080ABF545A71D2DB785F88CB24
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00417471
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                  • Part of subcall function 00417673: __EH_prolog.LIBCMT ref: 00417678
                                                                                                                                                                                                                  • Part of subcall function 00417673: VariantChangeType.OLEAUT32(?,?,00000000,00000002), ref: 004176B8
                                                                                                                                                                                                                  • Part of subcall function 00417673: VariantClear.OLEAUT32(?), ref: 0041787C
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,?,?,00000000,?,00000001,00000000), ref: 004174DB
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,Version,00000000,00000000,00000000,?,?), ref: 0041754A
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,00000000,?), ref: 0041765C
                                                                                                                                                                                                                  • Part of subcall function 0040A6E5: RegCloseKey.ADVAPI32(?,00000000,00417945), ref: 0040A6F1
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$CloseVariant$ByteChangeCharClearFreeMultiOpenQueryStringTypeValueWidelstrlen
                                                                                                                                                                                                                • String ID: 4$D$Version$tdC$|dC
                                                                                                                                                                                                                • API String ID: 2713112498-2054133192
                                                                                                                                                                                                                • Opcode ID: 4c65fccc77970071ee4fe3f7ea599cdd9ff6bc931580c4e9ec9bb3cfeedfe750
                                                                                                                                                                                                                • Instruction ID: 915e9142c7cb239fd9524e9a92c6e39ab87707ffe32ce7799bd3684a64c704a2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c65fccc77970071ee4fe3f7ea599cdd9ff6bc931580c4e9ec9bb3cfeedfe750
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1251CE71900209EFDB04DFA9C851BEEBBB9AF44304F10806EE509A7281DB786B49CB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0042430A: lstrlenA.KERNEL32(?,00000000,00424163,network.proxy.type,@B,?,00000000,?,004240E1,?,?,?,?,?,00000000), ref: 00424323
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,0043F074,0000003D,@B,00000001), ref: 00424222
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043F00C,786F7250,00000001,?), ref: 0042425B
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0043DAC8,786F7250,00000001,?), ref: 0042427E
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00000000,@B,00000001,00000001,0000003D,@B,00000001), ref: 004242B3
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcat$lstrcpynlstrlen
                                                                                                                                                                                                                • String ID: "network.proxy.autoconfig_url"$"network.proxy.no_proxies_on"$network.proxy.type$@B
                                                                                                                                                                                                                • API String ID: 4136844717-190983364
                                                                                                                                                                                                                • Opcode ID: e0c4ac43c4b46277f6b562b24e3fc7d256f9755b1ee729d5b2f877a454da777b
                                                                                                                                                                                                                • Instruction ID: 20023f5d623b393f4cb68cd24f7da78ca8b19f7854d705e1df1b5eeb00a89689
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0c4ac43c4b46277f6b562b24e3fc7d256f9755b1ee729d5b2f877a454da777b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07515C75E0021DFADF11DF91DC40ADEBBB9FB48308F5050AAE940A2251D7799B48CFA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041B6BE
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: __EH_prolog.LIBCMT ref: 0041BA3E
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: GetLastError.KERNEL32(00000001,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BA6B
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: SetLastError.KERNEL32(00000000,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BAA5
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: SysStringLen.OLEAUT32(00000000), ref: 0041BAB3
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0041BAC0
                                                                                                                                                                                                                  • Part of subcall function 0041BA39: SetLastError.KERNEL32(00000000,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BAD2
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041B73F
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041B75A
                                                                                                                                                                                                                  • Part of subcall function 0041B823: SysAllocStringLen.OLEAUT32(00000000,0041F03F), ref: 0041B84A
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041B794
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041B7AF
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041B7CC
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041B7E4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$ErrorLastwsprintf$AllocH_prolog
                                                                                                                                                                                                                • String ID: %d
                                                                                                                                                                                                                • API String ID: 3988536702-4214805362
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004204D4: wsprintfA.USER32 ref: 004204E6
                                                                                                                                                                                                                  • Part of subcall function 004204D4: LoadStringA.USER32(?,?,?), ref: 00420511
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00412584
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004125CD
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,00000001), ref: 004125E5
                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,?,0000066E,00000024), ref: 004125F7
                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,000003EA), ref: 0041260D
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000000F,00000000,00000000), ref: 00412618
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,00000000), ref: 00412620
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Send$wsprintf$ItemLoadStringlstrcat
                                                                                                                                                                                                                • String ID: 1.1
                                                                                                                                                                                                                • API String ID: 4105038997-2150719395
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0042341B: RegQueryValueA.ADVAPI32(80000000,.htm,?,00000000), ref: 00423447
                                                                                                                                                                                                                  • Part of subcall function 0042341B: lstrcatA.KERNEL32(?,\shell\open\command,?,00000000), ref: 00423461
                                                                                                                                                                                                                  • Part of subcall function 0042341B: RegQueryValueA.ADVAPI32(80000000,?,?,00000000), ref: 0042347D
                                                                                                                                                                                                                  • Part of subcall function 0042341B: lstrlenA.KERNEL32(?,?,00000000), ref: 00423492
                                                                                                                                                                                                                  • Part of subcall function 0042341B: CharLowerBuffA.USER32(?,00000000,?,00000000), ref: 004234A0
                                                                                                                                                                                                                  • Part of subcall function 0042341B: lstrcpynA.KERNEL32(?,00000022,-0000000D,?,00000000), ref: 004234E0
                                                                                                                                                                                                                • RegOpenKeyA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Internet Settings,00000000), ref: 0042329D
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,ProxyEnable,00000000,00000000,00000000,00000001), ref: 004232C7
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,AutoConfigURL,00000000,00000000,?,00000004), ref: 004232EC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryValue$BuffCharLowerOpenlstrcatlstrcpynlstrlen
                                                                                                                                                                                                                • String ID: AutoConfigURL$Mozilla$Netscape$ProxyEnable$Software\Microsoft\Windows\CurrentVersion\Internet Settings
                                                                                                                                                                                                                • API String ID: 1707546657-1830847130
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,80000002,00000000,00000000,00000000,?,75A8EB20,80000002), ref: 004151D2
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 004151FD
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000022," /%), ref: 00415215
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000022,00000000), ref: 00415233
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000022), ref: 0041523C
                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,80000002,00000000,00000001,00000022,00000001), ref: 00415254
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Valuelstrcat$Querylstrcpylstrlen
                                                                                                                                                                                                                • String ID: "$" /%
                                                                                                                                                                                                                • API String ID: 3753562477-2760458533
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeH_prologString
                                                                                                                                                                                                                • String ID: .mst$.mst"$4$D$4$D$tdC$|dC
                                                                                                                                                                                                                • API String ID: 2053926061-1066576936
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,00000000,00000000,000F4240,00000000,00000000,00000000,000003E8,00000000), ref: 0042485F
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00424867
                                                                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 00424877
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 004248CD
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004248DB
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00424954
                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00424972
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042497C
                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004249A2
                                                                                                                                                                                                                  • Part of subcall function 00424A1A: GetTickCount.KERNEL32 ref: 00424A24
                                                                                                                                                                                                                  • Part of subcall function 00424A1A: GetTickCount.KERNEL32 ref: 00424A75
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountTick$Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery$EventReset__allrem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4096811595-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004230BE: SetLastError.KERNEL32(0000007F,0042451C,?,0042445B,?,00000001,?,00411749,00000000,00000000,80400100,?,00000001,00000000,004114CD, fC), ref: 004230D6
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,?,00000001,?,00411749,00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000), ref: 0042456D
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000,?,00000001,?,00411749,00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000,00000001), ref: 0042457F
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,?,00000001,?,00411749,00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000), ref: 00424586
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000001,?,00000001,?,00411749,00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080), ref: 0042459C
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,?,00000000,00000001,00000000), ref: 00424604
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrlen$ErrorLast$lstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2253992269-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000418,?,004011A9,00000000,?,00000000,?), ref: 00401226
                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000,?,00000000,00000000,?,004011A9,00000000,?,00000000,?), ref: 00401238
                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0040126E
                                                                                                                                                                                                                • GetSystemPaletteEntries.GDI32(00000000,00000000,0000000A,00000004), ref: 00401285
                                                                                                                                                                                                                • GetSystemPaletteEntries.GDI32(00000000,000000F6,0000000A,000003DC), ref: 00401296
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0040129B
                                                                                                                                                                                                                • CreatePalette.GDI32(00000000), ref: 004012AD
                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,004011A9,00000000,?,00000000,?), ref: 004012B6
                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004012BD
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Global$Palette$EntriesSystem$AllocCreateFreeLockReleaseUnlock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 685945034-0
                                                                                                                                                                                                                • Opcode ID: 8bc9eec6ebd7b93aff05518640aae4a61e4253bea5089f996bf9147cee307aea
                                                                                                                                                                                                                • Instruction ID: c462dd88e171b84da3c6110138fd989195606c93d1de056d12346dcf62724be3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bc9eec6ebd7b93aff05518640aae4a61e4253bea5089f996bf9147cee307aea
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 201138361483417FE3219B60DC89FAB7BACDF55705F0680A9F64A973E1D5659404C335
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 0041DA8B
                                                                                                                                                                                                                • RealizePalette.GDI32(?), ref: 0041DA91
                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0041DA98
                                                                                                                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 0041DAAA
                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 0041DAB6
                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00CC0020), ref: 0041DACF
                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 0041DAD8
                                                                                                                                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 0041DAE8
                                                                                                                                                                                                                • DrawIcon.USER32(?,00000000,00000000,?), ref: 0041DAF4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: PaletteSelect$Object$CompatibleCreateDeleteDrawIconRealize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2931627916-0
                                                                                                                                                                                                                • Opcode ID: 10b9373117f3e31c9d064284bb2fc54fd32d88a4981a117cbdbf22356883f881
                                                                                                                                                                                                                • Instruction ID: b139a7e2da0c0b36c65c4fabf49beb446df36b4ba5f869a5b15d015831f18801
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10b9373117f3e31c9d064284bb2fc54fd32d88a4981a117cbdbf22356883f881
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B11047280121AFBCF22DFA1ED49CDF7F39FF09791B119026FA06A1121C6718960DBA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00417B33
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: 1033$4$D$J#Version$SOFTWARE\Microsoft\Visual JSharp Setup\Redist$tdC$|dC
                                                                                                                                                                                                                • API String ID: 3519838083-1452648423
                                                                                                                                                                                                                • Opcode ID: 2ecc820b7afe85ecbf23ecfd505d300de37fd4a2729dc08c3442fee0f1619cfc
                                                                                                                                                                                                                • Instruction ID: 507f60a1c8d1acf04fc414fd3ee7bb813defc09193c539cdf6c4bfb40f5e78bf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ecc820b7afe85ecbf23ecfd505d300de37fd4a2729dc08c3442fee0f1619cfc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9771C271904149AFDF15DBE5C891EEEBB78EF58304F10416FE106B3281EB785A88CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041EDE2
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0041EEDC
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(00000000), ref: 0041EEEF
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0041EEFA
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0041EF31
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$Free$AllocH_prolog
                                                                                                                                                                                                                • String ID: 4$D$4$D
                                                                                                                                                                                                                • API String ID: 1127608971-2087057052
                                                                                                                                                                                                                • Opcode ID: c2642d2fae8399ab63b718946cf69e794050db0791af315661d9020be6dc7fa7
                                                                                                                                                                                                                • Instruction ID: 3d2b11f786ca787b4de176111387608abff097190d59b0ab0c5b8c65f7e5023d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2642d2fae8399ab63b718946cf69e794050db0791af315661d9020be6dc7fa7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3741A275E0121AABCF14DFA5C585BEEBBB4EF05314F10802EEC56A7281D7389E46CB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041F10D
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0043E954,?,00000000,00000000,?,00000001,?,02151168,00000104,00000000), ref: 0041F1B0
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,?,?,0043E954,?,00000000,00000000,?,00000001,?,02151168,00000104,00000000), ref: 0041F200
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,0043D268), ref: 0041F250
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileH_prologModuleNamelstrcmpilstrcpy
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$CloneSetupExe$Startup
                                                                                                                                                                                                                • API String ID: 2980300312-689127531
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(00000001,00437228,00000001,?,74DEE860,00446CEC,?,?,0042AC67,?,?,?,00000000,00000001), ref: 00430028
                                                                                                                                                                                                                • GetStringTypeA.KERNEL32(00000000,00000001,00437224,00000001,?,?,0042AC67,?,?,?,00000000,00000001), ref: 00430042
                                                                                                                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,0042AC67,74DEE860,00446CEC,?,?,0042AC67,?,?,?,00000000,00000001), ref: 00430076
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,lD,?,?,00000000,00000000,74DEE860,00446CEC,?,?,0042AC67,?,?,?,00000000,00000001), ref: 004300AE
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0042AC67,?), ref: 00430104
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,?,00000000,0042AC67,?,?,?,?,?,?,0042AC67,?), ref: 00430116
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 3852931651-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004072A3
                                                                                                                                                                                                                  • Part of subcall function 00407511: __EH_prolog.LIBCMT ref: 00407516
                                                                                                                                                                                                                • lstrlenA.KERNEL32(-000000AC,74DF0440,00000000), ref: 004073AD
                                                                                                                                                                                                                  • Part of subcall function 004073CA: __EH_prolog.LIBCMT ref: 004073CF
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?,00000001,0000044F,?,00000000,74DF0440,00000000), ref: 0040732D
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 00407353
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(000000AC,00000000), ref: 00407373
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrcpy$lstrlen
                                                                                                                                                                                                                • String ID: dC$dC
                                                                                                                                                                                                                • API String ID: 2247916824-1756646014
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 0042FF03
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,004374F0,00000000,00000000,00000000,?), ref: 0042FFD9
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000), ref: 0042FFE0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                                • API String ID: 3784150691-4022980321
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00421EC2
                                                                                                                                                                                                                  • Part of subcall function 00407585: __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 00407585: lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,CSDVersion,00000000,?,00421DB7,?,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?), ref: 00421F96
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00421FA9
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,00000000,?,00000000), ref: 00420F26
                                                                                                                                                                                                                  • Part of subcall function 00420EF7: lstrcpyA.KERNEL32(?,?,?,00000000), ref: 00420F32
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,80000002,System\CurrentControlSet\Control\Windows,00020019,00000000,00000000,?,00000104,00000000,00000000,?,00000104,00000000,00000104,0041DD97), ref: 00421FBB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseH_prologlstrcpy$QueryValuelstrcmp
                                                                                                                                                                                                                • String ID: 1.20.1827.0$CSDVersion$System\CurrentControlSet\Control\Windows
                                                                                                                                                                                                                • API String ID: 3027755910-2233653695
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004028B2
                                                                                                                                                                                                                • GetLastError.KERNEL32(74DEDFA0,?,00000000,?,00402197,?,00000000,?,00000001,?,0041D5AB,no_engine,?,00000001,?,?), ref: 004028DB
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000001,00000000,?,00000000,?,00402197,?,00000000,?,00000001,?,0041D5AB,no_engine,?,00000001,?), ref: 0040290E
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000000,?,00402197,?,00000000,?,00000001,?,0041D5AB), ref: 0040292E
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000000,00000000,?,00000000,?,00402197,?,00000000,?,00000001), ref: 00402957
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,?,00402197,?,00000000,?,00000001,?,0041D5AB,no_engine,?,00000001,?,?), ref: 00402965
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$ByteCharMultiWide$H_prolog
                                                                                                                                                                                                                • String ID: 0$D
                                                                                                                                                                                                                • API String ID: 2853668335-1534285997
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00418BA6
                                                                                                                                                                                                                • GetLastError.KERNEL32(74DEDFA0,?,00000000,?,00418302,?,00000000,?,00000001,?,00414D5F,%IS_T%,?,00000001), ref: 00418BCF
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000001,00000000,?,00000000,?,00418302,?,00000000,?,00000001,?,00414D5F,%IS_T%,?,00000001), ref: 00418C02
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000000,?,00418302,?,00000000,?,00000001,?,00414D5F), ref: 00418C22
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,00000003,00000000,?,00000000,?,00418302,?,00000000,?,00000001), ref: 00418C4B
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,?,00418302,?,00000000,?,00000001,?,00414D5F,%IS_T%,?,00000001), ref: 00418C59
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$ByteCharMultiWide$H_prolog
                                                                                                                                                                                                                • String ID: 0$D
                                                                                                                                                                                                                • API String ID: 2853668335-1534285997
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004110C9
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,Title), ref: 004110E8
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,.ini,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,Title), ref: 00411110
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 004110E2
                                                                                                                                                                                                                • Title, xrefs: 004110D4
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 004110F9
                                                                                                                                                                                                                • .ini, xrefs: 0041110A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrcatlstrcpy
                                                                                                                                                                                                                • String ID: .ini$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Title
                                                                                                                                                                                                                • API String ID: 1260663600-3078348444
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429A02), ref: 0042FB8A
                                                                                                                                                                                                                • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00429A02), ref: 0042FB9E
                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429A02), ref: 0042FBCA
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429A02), ref: 0042FC02
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429A02), ref: 0042FC24
                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00429A02), ref: 0042FC3D
                                                                                                                                                                                                                • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00429A02), ref: 0042FC50
                                                                                                                                                                                                                • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0042FC8E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1823725401-0
                                                                                                                                                                                                                • Opcode ID: ae4d662e5c75eee8dc112f59d349ea7feae464c48c879cdc3f6fb283f5ab0f3a
                                                                                                                                                                                                                • Instruction ID: 954bca5228a5187615d53452eb4e7d76622d962b70fbdac5bcf230e3523cde91
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae4d662e5c75eee8dc112f59d349ea7feae464c48c879cdc3f6fb283f5ab0f3a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E531D47270823A6FDB207F76BC8483FBAACF649354BD5053BF952C3201D6295C49826D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000,00000000,?,00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?,0043647C,?,00000000), ref: 0040C531
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000001,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C550
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C553
                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C571
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C58F
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C592
                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C59E
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,0040BC04,000000FF,?,?,00000000,000000FF,?), ref: 0040C5A1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$FileFree$AllocReadSize
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2832363368-0
                                                                                                                                                                                                                • Opcode ID: 6ed61d71266a004e6a533ff474d82ab097a5b7f351ba9305b5ab28a5985825ab
                                                                                                                                                                                                                • Instruction ID: 06fa46f43ff267aabce37f56437d11471b99db133dfde0e74e39182567da5c46
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ed61d71266a004e6a533ff474d82ab097a5b7f351ba9305b5ab28a5985825ab
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F118275604215BFDB10AFA5DC8CF6B3BACEF89765F018166F908CB190CA78A800CB74
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040A948
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 0040A9A1
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000400,?,00000400,?,00000000), ref: 0040AA0F
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$AddressErrorFileLastModuleNameProc
                                                                                                                                                                                                                • String ID: 4$D$RunISMSISetup$setup.exe
                                                                                                                                                                                                                • API String ID: 1604914643-1466735366
                                                                                                                                                                                                                • Opcode ID: 52817e1dcd90709053b4d1cb4811d67c0b9c9ceb00c7aecf14031e4dce73537e
                                                                                                                                                                                                                • Instruction ID: 5469a2c063578844b4b7d05540d3649eb9990aca4bb756e0676d97dd3d26f3db
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52817e1dcd90709053b4d1cb4811d67c0b9c9ceb00c7aecf14031e4dce73537e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A519F70A00208EFCB10DFA5C849AEEBBB8AF48304F14856EE555B72D1DB789A44CB59
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040AEF9
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: 4$D$4$D$\$tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-3375390684
                                                                                                                                                                                                                • Opcode ID: 681bf7a4699b099a9ba24561477914b92e92791bfef7f50c30ddbd32f969715c
                                                                                                                                                                                                                • Instruction ID: 72ed7d0abf4185fd2adb02b117cad9902d2359448163417ff8d85423e648fa1e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 681bf7a4699b099a9ba24561477914b92e92791bfef7f50c30ddbd32f969715c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52516071D0024DDADB14EBA5C955BEEB7B8EF14304F10406FA516B72C1DB782B09CBA9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004178FE
                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,00000000), ref: 0041792F
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00417A6E
                                                                                                                                                                                                                  • Part of subcall function 0040A6E5: RegCloseKey.ADVAPI32(?,00000000,00417945), ref: 0040A6F1
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseErrorH_prologLast$Open
                                                                                                                                                                                                                • String ID: 4$D$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1699883992-1127127110
                                                                                                                                                                                                                • Opcode ID: a046054a197f43adba35a4815cbb1052e58c48584add6fee8fdc69c4cef8c754
                                                                                                                                                                                                                • Instruction ID: 30eb84feb063182825c7715b8afb4b4ae9bf25d19793e49d79c854faf04d273f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a046054a197f43adba35a4815cbb1052e58c48584add6fee8fdc69c4cef8c754
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E414EB1900209EFDF04DF95C8919EEBB78FF14308F04846EF919A7292DB389A48CB55
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041DE2B
                                                                                                                                                                                                                  • Part of subcall function 00406B7B: __EH_prolog.LIBCMT ref: 00406B80
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: __EH_prolog.LIBCMT ref: 0040B6E5
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: GetLastError.KERNEL32(00436474,00000001,0043647C,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000,00000001), ref: 0040B70E
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: SetLastError.KERNEL32(?,00000000,00000000,00000000,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 0040B763
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ErrorLast
                                                                                                                                                                                                                • String ID: tdC$tdC$tdC$|dC$|dC
                                                                                                                                                                                                                • API String ID: 2901101390-1609286963
                                                                                                                                                                                                                • Opcode ID: 14cf50cbe9fbdfbb06725dd5b89182b7b4ecd8cc3ee4765400ea9209bd76148b
                                                                                                                                                                                                                • Instruction ID: 81149633c312d71a6d523f27f206155d4b3ea56b161d4a27ddd2ea792c71970b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14cf50cbe9fbdfbb06725dd5b89182b7b4ecd8cc3ee4765400ea9209bd76148b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A84150B1D00259EFCB04DFA5C855AEEBB75FF18308F10802EE405B7292DB785A04CBA9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040A7C2
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000400,?,00000400,?,00000000,0043647C,00436474,00000000), ref: 0040A827
                                                                                                                                                                                                                  • Part of subcall function 00409F70: __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                  • Part of subcall function 00409F70: GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                  • Part of subcall function 00409F70: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$ByteCharFileModuleMultiNameWidelstrlen
                                                                                                                                                                                                                • String ID: 4$D$ISSetup.dll$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1377904173-3982560847
                                                                                                                                                                                                                • Opcode ID: e33a34e795a993dc4a2c9c0d4ff0ad44d9566bb5622669de869f7a9bff5afe72
                                                                                                                                                                                                                • Instruction ID: 72f95f6b3470e6e326bf45d4a50237000afdec11536a84549f82656cade482dd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e33a34e795a993dc4a2c9c0d4ff0ad44d9566bb5622669de869f7a9bff5afe72
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F4153B1D00148EFDB05DBA5C991BEDBBB8AF14308F1041AEE505B7292DB781F09CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00407D47
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00407D66
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00407DDF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wsprintf$lstrlen
                                                                                                                                                                                                                • String ID: %s%s$ftp://$http://$https://
                                                                                                                                                                                                                • API String ID: 217384638-620530764
                                                                                                                                                                                                                • Opcode ID: 1d27c8a30fe3cb042a64f26a4621e5244e74c451bc0ba57fc56c30c1d454b868
                                                                                                                                                                                                                • Instruction ID: 11b26a3366618960e7597735bbb43597218ab23b532569e2a67bcd970b0218b4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d27c8a30fe3cb042a64f26a4621e5244e74c451bc0ba57fc56c30c1d454b868
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68210576D083497EEB12ABB8AC41BAFBB689F06310F1451B7F540BA183D578E510876E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(?,?,?,0042383B,?,?,00000000), ref: 00425332
                                                                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?,?,?,0042383B,?,?,00000000), ref: 00425352
                                                                                                                                                                                                                • VerQueryValueA.VERSION(?,0043E0A4,?,00000000,?,?,00000000,00000000,?,?,?,0042383B,?,?,00000000), ref: 0042536B
                                                                                                                                                                                                                • VerQueryValueA.VERSION(?,\VarFileInfo\Translation,;8B,00000000,80000000,00000104,?,0043E0A4,?,00000000,?,?,00000000,00000000,?,?), ref: 0042539D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileInfoQueryValueVersion$Size
                                                                                                                                                                                                                • String ID: ;8B$\VarFileInfo\Translation
                                                                                                                                                                                                                • API String ID: 2099394744-2474229566
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004015FB
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,74DF34C0,?,00000000,?,00401562,00000000,00000000,?,00000001,?,00000000,74DF2EE0), ref: 0040164A
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001,?,00000000,?,00401562,00000000,00000000,?,00000001,?,00000000), ref: 00401685
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00000001,?,00000000,?,00401562,00000000,00000000,?,00000001,?,00000000,74DF2EE0), ref: 0040169D
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharErrorH_prologLastMultiWidelstrlen
                                                                                                                                                                                                                • String ID: 0$D$tdC
                                                                                                                                                                                                                • API String ID: 1667447809-2527954409
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 004278F1
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 00427908
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000009,00000000,000000FF,00000000,00000000,?,00000000,?,?,00402A08,00000000,?,00000000,00000104,?,0041E59F), ref: 0042792E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$ByteCharDecrementIncrementMultiWide
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 817727928-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00410F63
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00410F92
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Languages, xrefs: 00410FC6
                                                                                                                                                                                                                • key, xrefs: 00410F81
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 00410FA7
                                                                                                                                                                                                                • %s%d, xrefs: 00410F8C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$wsprintf
                                                                                                                                                                                                                • String ID: %s%d$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Languages$key
                                                                                                                                                                                                                • API String ID: 172397338-1642330314
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,removeonly), ref: 0040EBC1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                                • String ID: /removeonly$reboot$removeasmajorupgrade$removeonly$runas$runfromtemp
                                                                                                                                                                                                                • API String ID: 1586166983-1284956059
                                                                                                                                                                                                                • Opcode ID: b9b1040e5e30a7e2c32ba6666677d5cc71fa64dbe8527700e7bf23a8b22c734d
                                                                                                                                                                                                                • Instruction ID: 786907aee1aa1e6c5b5e57d787b9815f1d9bcec55dde2208094da776e92e73f1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9b1040e5e30a7e2c32ba6666677d5cc71fa64dbe8527700e7bf23a8b22c734d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2701DFB1B4521779E224AA16BC83F7F63289F41BA9F20023FF516F15C1DE7C8851901E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,74DEE010,?,00000000,?,?,00408CEF,?,00010000,00408590), ref: 004080D6
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,?,00408CEF,?,00010000,00408590), ref: 004080FC
                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00000002,00000000,00000000,?,00408CEF,?,00010000,00408590), ref: 00408103
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000002,00000000,00000000,?,00408CEF,?,00010000,00408590), ref: 00408113
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000002,00000000,00000000,?,00408CEF,?,00010000,00408590), ref: 00408115
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$ByteCharDeleteFileMultiWidelstrlen
                                                                                                                                                                                                                • String ID: d
                                                                                                                                                                                                                • API String ID: 1873936967-2564639436
                                                                                                                                                                                                                • Opcode ID: f185bdcff51d5a22ca8e5daa3f2f775b80633fb92f3c91be4af5ed2bdb2be6b7
                                                                                                                                                                                                                • Instruction ID: 3ac308d99220e1c456be83856c369cd3a799b45554aa84c48f8638fb3443b4fb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f185bdcff51d5a22ca8e5daa3f2f775b80633fb92f3c91be4af5ed2bdb2be6b7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A01F971604226BFD7109BA5DD49FAF7BACEF01369B135479F400E3150CB789D058AB9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharNextA.USER32(LA,00000104,02151168), ref: 00420B65
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000), ref: 00420B75
                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00420B87
                                                                                                                                                                                                                • CharPrevA.USER32(00000000,00000000), ref: 00420B96
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(LA,?), ref: 00420BAF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Char$Nextlstrcpy$Prev
                                                                                                                                                                                                                • String ID: LA
                                                                                                                                                                                                                • API String ID: 1912086007-1267665893
                                                                                                                                                                                                                • Opcode ID: 045fe4ce9a1ba7391bd345a92bd7ca2522ed5c2781937a0c8cc5fbad31690546
                                                                                                                                                                                                                • Instruction ID: fc9c40a25d704d706dd4f7629c81c13a4bbc1ffbc1ce8f68bbc8de9fb3225ec5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 045fe4ce9a1ba7391bd345a92bd7ca2522ed5c2781937a0c8cc5fbad31690546
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE01D4B2D0016C7ADB3297A4DC00BEB7FACAB45304F4540F2D700A3152C778AE868FA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00407DFB
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000008,00000000,?,00407CE4,00407BB8,00000000,00000400,?,00407BB8,?,?,00000004), ref: 00407E27
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00407E36
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00407CE4,00407BB8,00000000,00000400,?,00407BB8,?,?,00000004), ref: 00407E65
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AllocH_prologString
                                                                                                                                                                                                                • String ID: @eC$HeC
                                                                                                                                                                                                                • API String ID: 1734030179-948665774
                                                                                                                                                                                                                • Opcode ID: 9860af10867dcda9f5d5f141f317ae8e169059de5ba870d7a755d6ebf6df92ee
                                                                                                                                                                                                                • Instruction ID: 505d873fccafccf1ef644f0157ca09ac5ed9b86bb30496de9f5f4c33618646cb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9860af10867dcda9f5d5f141f317ae8e169059de5ba870d7a755d6ebf6df92ee
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0113571500712EFD7219F54E804B4ABBF0EF08719F11C46EE8869B651C7B9E908CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004205C0
                                                                                                                                                                                                                  • Part of subcall function 00420A03: lstrcpyA.KERNEL32(?,?,74DE8B60,?,00000000), ref: 00420A29
                                                                                                                                                                                                                  • Part of subcall function 00420A03: CharNextA.USER32(00000000), ref: 00420A42
                                                                                                                                                                                                                  • Part of subcall function 00420A03: lstrcpyA.KERNEL32(?,?), ref: 00420A5F
                                                                                                                                                                                                                  • Part of subcall function 00420A03: lstrcpyA.KERNEL32(?,00000000), ref: 00420A65
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,.ini,?,?,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,?,?), ref: 004205F8
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 0042060B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 004205D3
                                                                                                                                                                                                                • %#04x, xrefs: 004205BA
                                                                                                                                                                                                                • .ini, xrefs: 004205F0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$lstrcat$CharNextlstrcpynlstrlenwsprintf
                                                                                                                                                                                                                • String ID: %#04x$.ini$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI
                                                                                                                                                                                                                • API String ID: 2174921493-821759000
                                                                                                                                                                                                                • Opcode ID: 60ab812ac84c0e32396451c4eca3fe3075e0867027b23eccb61a07b4b3bbd6b2
                                                                                                                                                                                                                • Instruction ID: 17346589410f4758362aeb0a904512c5b94d8083d02fe998157b749a3edc4356
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60ab812ac84c0e32396451c4eca3fe3075e0867027b23eccb61a07b4b3bbd6b2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF01DB150010EBFCF05EF90ED45EE97BBDEB44305F508032B904A5062D7749A98CBA9
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(00000001,00437228,00000001,?,02151168,00000002,00446CEC,?,?,?,00000000,02151168), ref: 004309D9
                                                                                                                                                                                                                • GetStringTypeA.KERNEL32(00000000,00000001,00437224,00000001,?), ref: 004309F3
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(00000100,02151168,00000000,?,02151168,00000002,00446CEC,?,?,?,00000000,02151168), ref: 00430A1A
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000220,02151168,00000000,00000000,00000000,00000000,00000000,02151168,00000002,00446CEC,?,?,?,00000000,02151168), ref: 00430A4D
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000220,?,?,00000000,00000000,00000000,00000000), ref: 00430AB6
                                                                                                                                                                                                                • GetStringTypeA.KERNEL32(?,00000100,?,?), ref: 00430B21
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3852931651-0
                                                                                                                                                                                                                • Opcode ID: c142119b0c5d8fbec1678ec456252fbe2b5d000244e8a30368e8e95a52d0dbcc
                                                                                                                                                                                                                • Instruction ID: bb977cda055dc6ee0bfbd05bc0ecfcae35ec2f06559dca1e6ea7f24b4071cc36
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c142119b0c5d8fbec1678ec456252fbe2b5d000244e8a30368e8e95a52d0dbcc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D151A071900209EFCF219F95DC86E9FBFB8FF49754F20861AF614A2290D3359951CBA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00407585: __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 00407585: lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041D750
                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 0041D763
                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 0041D766
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: __EH_prolog.LIBCMT ref: 0041D1E5
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: LoadCursorA.USER32(00000000,00007F02), ref: 0041D21C
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: SetCursor.USER32(00000000), ref: 0041D229
                                                                                                                                                                                                                  • Part of subcall function 0041D1E0: wsprintfA.USER32 ref: 0041D2B9
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                  • Part of subcall function 00420DE9: GetFileAttributesA.KERNELBASE(00000000,0041DDB5,00000000,00000000,?,?,?,00000000,00000000,?,?,00000001,00000000,?,00000001,Startup), ref: 00420DED
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpyA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C76
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %#x, xrefs: 0041D74A
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 0041D7CC, 0041D7EC
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0041D7B0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$CharCursorNextwsprintf$AttributesFileLoadlstrcatlstrcmplstrcpylstrcpynlstrlen
                                                                                                                                                                                                                • String ID: %#x$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 4126524183-756487976
                                                                                                                                                                                                                • Opcode ID: 0cb5d737acab697d67a10950d689d6c227ca4c3f1c9384bbe8d1e0cbc49a3590
                                                                                                                                                                                                                • Instruction ID: 7da18a3e8adfa8e193d45f941af13b5a077b012634ff202e07a6cf1d817d279e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cb5d737acab697d67a10950d689d6c227ca4c3f1c9384bbe8d1e0cbc49a3590
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD3195F1A0011D7ADF149B61DC42FEB77ACEB44304F10447AFA05E7181DA78AE858AAC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 004091BA
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 0040921A
                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000066), ref: 00409221
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00409235
                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00409251
                                                                                                                                                                                                                  • Part of subcall function 00421166: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,0041C3E9), ref: 00421175
                                                                                                                                                                                                                  • Part of subcall function 00421166: OpenProcessToken.ADVAPI32(00000000,00000028,0041C3E9,?,?,?,?,?,?,0041C3E9), ref: 00421182
                                                                                                                                                                                                                  • Part of subcall function 00421166: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00421199
                                                                                                                                                                                                                  • Part of subcall function 00421166: AdjustTokenPrivileges.ADVAPI32(0041C3E9,00000000,?,00000000,00000000,00000000), ref: 004211C4
                                                                                                                                                                                                                  • Part of subcall function 00421166: ExitWindowsEx.USER32(00000002,0000FFFF), ref: 004211D2
                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 0040927B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ItemProcessShowTokenWindow$AdjustCurrentDeleteDialogExitLookupObjectOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetWindowRect.USER32(00410919,?), ref: 00410B1B
                                                                                                                                                                                                                • GetParent.USER32(00410919), ref: 00410B30
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 00410B3B
                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 00410B4C
                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00410B59
                                                                                                                                                                                                                • MoveWindow.USER32(00410919,?,?,?,?,00000000,?,?,?,00410919,?), ref: 00410B84
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MetricsRectSystemWindow$ClientMoveParent
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429A4C,74DE83C0,000000FF,?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104), ref: 00420D73
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00429A4C,?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104,?), ref: 00420D85
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,0043E0A4,?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104,?), ref: 00420D91
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104,?,-000008AC), ref: 00420D9A
                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104,?), ref: 00420DAF
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,00416A5F,?,?,00442430,?,00000400,?,000000FE,?,00000104,?,-000008AC,00000000), ref: 00420DB9
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrlen$CreateDirectoryErrorLastlstrcatlstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041BA3E
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BA6B
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BAA5
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(00000000), ref: 0041BAB3
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0041BAC0
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,0041B6E2,?,00000001,?,?,?), ref: 0041BAD2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$String$AllocH_prolog
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000,00407C76,00000000,?), ref: 00407E9C
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00407EAA
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,?,00000000,00407C76,00000000,?), ref: 00407EBD
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000,00407C76,00000000,?), ref: 00407ED5
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00407EF6
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,?,00000000,00407C76,00000000,?), ref: 00407F0A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$FreeString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000200,?,?,0041B389,00000001,00000000), ref: 00407F2E
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00407F3C
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000200,?,?,0041B389,00000001,00000000), ref: 00407F4F
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000200,?,?,0041B389,00000001,00000000), ref: 00407F67
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00407F88
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000200,?,?,0041B389,00000001,00000000), ref: 00407F9C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$FreeString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2425351278-0
                                                                                                                                                                                                                • Opcode ID: 544fb55807be1d4f7ff2eb79f1eb08916074bff76f0e37956f5526ef125e7ca3
                                                                                                                                                                                                                • Instruction ID: 4c010b5ec47eb650691e7cbce53803d11c658a128558f141b6d8ff1f5a4492af
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 544fb55807be1d4f7ff2eb79f1eb08916074bff76f0e37956f5526ef125e7ca3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD112A36200616EFCB109F68EC48C55BBF0FF09319712C669F896CB221D736E918CB44
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041DB05
                                                                                                                                                                                                                • GetWindowLongA.USER32(?,00000000), ref: 0041DB16
                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 0041DB3E
                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,?,?,0041DA4A,?), ref: 0041DB46
                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0041DB5F
                                                                                                                                                                                                                • SetWindowLongA.USER32(0041DA4A,00000000,00000000), ref: 0041DB6B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$DeleteLongObject$DestroyIcon
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2866036538-0
                                                                                                                                                                                                                • Opcode ID: 34218faf1131265d2a575cf13c417be10a9a3bcbf13b50dec662e835af9b5794
                                                                                                                                                                                                                • Instruction ID: 64cc36e7a549c7de2ec729b6d598f00981ed5428458227402d1b7dfef89d356b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34218faf1131265d2a575cf13c417be10a9a3bcbf13b50dec662e835af9b5794
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34018872908215EFC6309F65EC84CD7BBB8EB45365713942EF557D2110C736B880CA29
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040F370
                                                                                                                                                                                                                  • Part of subcall function 00406B7B: __EH_prolog.LIBCMT ref: 00406B80
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,00000452,?,?,00000000,0040136B,?,?,00000000,0040E610,0040E7B3,?,?,?,?), ref: 0040F3DD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %s%s%s%s%s%s%s%s, xrefs: 0040F66D
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0040F3C7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcpy
                                                                                                                                                                                                                • String ID: %s%s%s%s%s%s%s%s$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 2120869262-3983708343
                                                                                                                                                                                                                • Opcode ID: 63c5f20e94b9d1ed82c092feab0272bd15a25399b3aba9ac85e0310c7ac77c68
                                                                                                                                                                                                                • Instruction ID: 5bc63f0fc7e58f00a2237b75c7206668be3fe3500b237511ec600da4cbbf99af
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63c5f20e94b9d1ed82c092feab0272bd15a25399b3aba9ac85e0310c7ac77c68
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F91F872A01128BFDF50D6A5CC51ADEBBB9AB4C350F4040F6E609F7182DE359B888F65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004019C5
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000104,?,00000000,?,00000000), ref: 00401A66
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileH_prologModuleName
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 2929834794-2458444898
                                                                                                                                                                                                                • Opcode ID: 85659f76986839cc19cb2529002957013a77ce4cc37e86242dc7927cfc3d1150
                                                                                                                                                                                                                • Instruction ID: a9872503b87f22a4afeece365c58c6d1c0811d4ab93cd579e274217fe19619fa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85659f76986839cc19cb2529002957013a77ce4cc37e86242dc7927cfc3d1150
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F691B771D01258AADB11D7A1CC45FDEB7BCAF05308F5440AEE509B31D2DB789B44CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00412890
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?,00000104), ref: 004128B2
                                                                                                                                                                                                                  • Part of subcall function 004014FF: __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                  • Part of subcall function 004014FF: SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                  • Part of subcall function 004185A0: __EH_prolog.LIBCMT ref: 004185A5
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,0000002C,00000001,?,?,00000001), ref: 0041295E
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,dotnetfxsp1.exe), ref: 00412970
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ByteCharErrorLastMultiVersionWidelstrcatlstrcpylstrlen
                                                                                                                                                                                                                • String ID: dotnetfxsp1.exe
                                                                                                                                                                                                                • API String ID: 2708201615-1849113985
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041DCB8
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0041DDFA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ExecuteShell
                                                                                                                                                                                                                • String ID: ClickOncePackage$Startup$open
                                                                                                                                                                                                                • API String ID: 1920959041-1966403724
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32 ref: 0042B7B6
                                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0042B7EB
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0042B84B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                                                                                • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                                                                                • API String ID: 1385375860-4131005785
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409A9C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 00409ABB
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 00409AFD
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 00409B19
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$AddressH_prologProc
                                                                                                                                                                                                                • String ID: WinVerifyTrust
                                                                                                                                                                                                                • API String ID: 2363843230-2766335691
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00403D77
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,02151168,?,00000000,?,00402A1E,00000000,00000000,?,00000001,?,00000000,00000104), ref: 00403DC6
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001,?,00000000,?,00402A1E,00000000,00000000,?,00000001,?,00000000), ref: 00403E01
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00000001,?,00000000,?,00402A1E,00000000,00000000,?,00000001,?,00000000,00000104), ref: 00403E19
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharErrorH_prologLastMultiWidelstrlen
                                                                                                                                                                                                                • String ID: 0$D
                                                                                                                                                                                                                • API String ID: 1667447809-1534285997
                                                                                                                                                                                                                • Opcode ID: 40bceae378692cd2918325617282b5f113c12ce3a906f7a94a595915904a5e98
                                                                                                                                                                                                                • Instruction ID: 0f6da80c701c266824f318e9b10f223622a0fa6a893e48e5cf5ac048bea69104
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40bceae378692cd2918325617282b5f113c12ce3a906f7a94a595915904a5e98
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1721ACB1900216EFDB109F59E8449AFBFA8EF85355F11813BF805A7291C7788E448B98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,Install,00000000,00000001,?,00000000,?,00000000,00020019,0043647C,00436474,00000000,?,?,00417A12,?), ref: 00417AE1
                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,0043E5B4,00000000,00000001,00000000,00000004,?,?,00417A12,?,00000000,?,00000001,?), ref: 00417B00
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,00417A12,?,00000000,?,00000001,?), ref: 00417B0A
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,00020019,0043647C,00436474,00000000,?,?,00417A12,?,00000000,?,00000001,?,00000000), ref: 00417B1C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                • String ID: Install
                                                                                                                                                                                                                • API String ID: 3356406503-3765929189
                                                                                                                                                                                                                • Opcode ID: 720ebbb5fc3a20fc521b7e37378a5cf1acc2ef5d38a743896db3b249c3febb9e
                                                                                                                                                                                                                • Instruction ID: b3e747399b6460390273406db0a0956b0911d8322f810dc62643d4c071040ca7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 720ebbb5fc3a20fc521b7e37378a5cf1acc2ef5d38a743896db3b249c3febb9e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 052124B550524ABFDB108F54DC809DA7BB8FF08398B11442AF905A7250D375AE648BA4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FormatMessageA.KERNEL32(00001300,00000000,QlA,00000000,QlA,00000000,00000000,00000000), ref: 004203FE
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00420433
                                                                                                                                                                                                                  • Part of subcall function 00420305: __EH_prolog.LIBCMT ref: 0042030A
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 0042044B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FormatFreeH_prologLocalMessagewsprintf
                                                                                                                                                                                                                • String ID: %s %s$QlA
                                                                                                                                                                                                                • API String ID: 1200432034-2695060340
                                                                                                                                                                                                                • Opcode ID: d3bf13ce68bcee8848851e644495ccf0dcd9b16c63630d46b0baf3e5a4595b73
                                                                                                                                                                                                                • Instruction ID: 2989dba7e03fe6a3ab524e83a61caa3fa2152887f7e42b4c1faa6200b6f752e4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3bf13ce68bcee8848851e644495ccf0dcd9b16c63630d46b0baf3e5a4595b73
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1701F9B260010DBFEF115F94EC45FEA7B7CFB04344F108476BB05A5051D671DA458A64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00410E45
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Languages, xrefs: 00410E78
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 00410E58
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 00410E4D
                                                                                                                                                                                                                • default, xrefs: 00410E73
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Languages$default
                                                                                                                                                                                                                • API String ID: 3519838083-1633815757
                                                                                                                                                                                                                • Opcode ID: ae8932c439fa258d6883d4560f637c08ccf1a698080d08d4234206ac63d8efd3
                                                                                                                                                                                                                • Instruction ID: e3294a2c9dd3d0c07646a27b82075c5c43605500d8ece5756996ff250fdbc942
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae8932c439fa258d6883d4560f637c08ccf1a698080d08d4234206ac63d8efd3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E10148B1A10228EACB14EBA6ED16FDDB734AB18718F50416BF811731D1D7BC6B09CA4C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 00431913
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 0043192A
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B731
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: EnterCriticalSection.KERNEL32(?,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B74C
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 0043195A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                                                                                                                                                                • String ID: KB$lD
                                                                                                                                                                                                                • API String ID: 2038102319-1466586194
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00408D3E
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,00408BE1,00000000,?,?,?,00408204,?,?), ref: 00408D6A
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,?,00408BE1,00000000,?,?,?,00408204,?,?), ref: 00408DA0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: @eC$HeC
                                                                                                                                                                                                                • API String ID: 2881783280-948665774
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 0042FCFF
                                                                                                                                                                                                                • GetFileType.KERNEL32(?,?,00000000), ref: 0042FDAA
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0042FE0D
                                                                                                                                                                                                                • GetFileType.KERNEL32(00000000,?,00000000), ref: 0042FE1B
                                                                                                                                                                                                                • SetHandleCount.KERNEL32 ref: 0042FE52
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1710529072-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 0040948B
                                                                                                                                                                                                                • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 004094CF
                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 004094E2
                                                                                                                                                                                                                • SetFileTime.KERNEL32(?,?,00000000,?), ref: 004094F7
                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00409529
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileTime$AttributesDateErrorLastLocal
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1921563805-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VerLanguageNameA.KERNEL32(00003CFF,?,00000103,?,?,00000000), ref: 0042165B
                                                                                                                                                                                                                • VerLanguageNameA.KERNEL32(?,?,00000103,00003CFF,?,00000103,?,?,00000000), ref: 00421685
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00421698
                                                                                                                                                                                                                • VerLanguageNameA.KERNEL32(?,?,00000103,?,00000000), ref: 004216B5
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,00000000), ref: 004216C4
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LanguageName$lstrcmpilstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 422536988-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041C155
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000,?,00000000), ref: 0041C165
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000000,00000400,?,?,00000000), ref: 0041C17B
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000), ref: 0041C188
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000,?,00000000), ref: 0041C1A0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpylstrlen$FileModuleName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 271103609-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00420A91
                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00420AC0
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 00420AD5
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(4$D,00000000), ref: 00420ADB
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$CharNext
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 3801418090-1551560817
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileSize.KERNEL32(?,00000000,00000000,00000000,?,?,00401437,00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401453
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(?,00000000,00000004,00000000,00000000,00000000), ref: 00401465
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,?,?,00401437,00000000,00000000,?,80000000,00000003,00000000,00000003), ref: 00401478
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000), ref: 00401496
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00401437,00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0040149D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$View$CloseCreateHandleMappingSizeUnmap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1558290345-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDC.USER32(0041B07A), ref: 0041B0FA
                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041B107
                                                                                                                                                                                                                • MulDiv.KERNEL32(?,00000000), ref: 0041B111
                                                                                                                                                                                                                • ReleaseDC.USER32(0041B07A,00000000), ref: 0041B11F
                                                                                                                                                                                                                • CreateFontA.GDI32(00000000,00000000,00000000,00000000,?,00000000,0041B098,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0041B13D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontRelease
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2367478762-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000103,7FFFFFFF,0042AC09,00427693,00000000,?,?,00000000,00000001), ref: 0042AA75
                                                                                                                                                                                                                • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0042AA83
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0042AACF
                                                                                                                                                                                                                  • Part of subcall function 00430182: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 00430278
                                                                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0042AAA7
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0042AAB8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2020098873-0
                                                                                                                                                                                                                • Opcode ID: f6de9683ed071c8c7b1bd0952ad1cee2b1817d89e6cc6979e7fabdf4835980af
                                                                                                                                                                                                                • Instruction ID: 3a6c3b8941b050bc3c902884966bb7dc6c4211c2f799f5fec3cf624d928bc608
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6de9683ed071c8c7b1bd0952ad1cee2b1817d89e6cc6979e7fabdf4835980af
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8F0F631B002227BDB316B28BD0951A3A65AF417B5B06523BF855D52A1CB288800CA99
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                • String ID: /m1$/m2
                                                                                                                                                                                                                • API String ID: 3213498283-2289526375
                                                                                                                                                                                                                • Opcode ID: f7eeaa2db2a6c190066a7749766c0b58f86238068ce0c9c0c172c0af68887725
                                                                                                                                                                                                                • Instruction ID: 726c3cc17ac29258ade38a1d8a4e1e2504343e08ecc36d1a3d9f41a578d6f083
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7eeaa2db2a6c190066a7749766c0b58f86238068ce0c9c0c172c0af68887725
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72F0B471A04144BAC7149B6AEC96E7E7B2CF704364F20413BF412A21D0C67CAD02C619
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00411064
                                                                                                                                                                                                                  • Part of subcall function 004110C4: __EH_prolog.LIBCMT ref: 004110C9
                                                                                                                                                                                                                  • Part of subcall function 004110C4: lstrcpyA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI,Title), ref: 004110E8
                                                                                                                                                                                                                • CharNextA.USER32(?,Title), ref: 0041108E
                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00411091
                                                                                                                                                                                                                  • Part of subcall function 004110C4: lstrcatA.KERNEL32(?,.ini,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,Title), ref: 00411110
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext$H_prologlstrcatlstrcpywsprintf
                                                                                                                                                                                                                • String ID: %#04x$Title
                                                                                                                                                                                                                • API String ID: 1153994949-2030030561
                                                                                                                                                                                                                • Opcode ID: a15f2477cd7c9000c9f451d47f609fc75a6bb85b3222b8fbfb76426c67039a1f
                                                                                                                                                                                                                • Instruction ID: 8955f4d97d892ed15f7d52c1b025593f1afb0255e4184ca7e68cf309b2ac2d5e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a15f2477cd7c9000c9f451d47f609fc75a6bb85b3222b8fbfb76426c67039a1f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEF01772C0014EBBCF01AFA5DC05DEF3FADEB08254F044462BE08A6061E635DA619BA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: %*.*f$I64
                                                                                                                                                                                                                • API String ID: 3519838083-2444075078
                                                                                                                                                                                                                • Opcode ID: e5f2d5259a72ff05754a6dc908123c3aa71ea7f075799564023b54b49a1eea38
                                                                                                                                                                                                                • Instruction ID: 9dc92e70c460dadd06695dec2bc2e92cdbf7148b12749be97ca41d04b51ab8de
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5f2d5259a72ff05754a6dc908123c3aa71ea7f075799564023b54b49a1eea38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED91057690421AABDB259F6DC9687FE77A1FB05314F54802BEC51A6280E33C8EC2C75D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: %*.*f$I64
                                                                                                                                                                                                                • API String ID: 3519838083-2444075078
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040B230
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00429A4C,?,?,00000001,00000001,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000001,00000000), ref: 0040B469
                                                                                                                                                                                                                  • Part of subcall function 0040C181: __EH_prolog.LIBCMT ref: 0040C186
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(00429A4C,00000000,?,00000001,00000000,?,?,00000000,00000000,00000000,00000104,00000000), ref: 0040B489
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrcpyn
                                                                                                                                                                                                                • String ID: 0$D
                                                                                                                                                                                                                • API String ID: 588646068-1534285997
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402A76
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: 4$D$4$D$\
                                                                                                                                                                                                                • API String ID: 3800368667-1539703004
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040B953
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                                                • String ID: tdC$tdC$|dC
                                                                                                                                                                                                                • API String ID: 1057991267-1874717632
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00411314
                                                                                                                                                                                                                  • Part of subcall function 0041A34A: __EH_prolog.LIBCMT ref: 0041A34F
                                                                                                                                                                                                                  • Part of subcall function 0041A471: __EH_prolog.LIBCMT ref: 0041A476
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$ErrorLast$FreeString
                                                                                                                                                                                                                • String ID: 00000000000000000000000000000000$AM_CONTENTID$AM_OTP
                                                                                                                                                                                                                • API String ID: 3733137895-721395337
                                                                                                                                                                                                                • Opcode ID: 31e00cd2026df33e966b58b41e68f0bd2afb53edc81280a69cb5b8c231e1fe2b
                                                                                                                                                                                                                • Instruction ID: 93c13301d94347d212549fada689c718d3e3add5b553d89df72a42f6842736e1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31e00cd2026df33e966b58b41e68f0bd2afb53edc81280a69cb5b8c231e1fe2b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A84182B1D0021DBADF04EFA4D846BED7BB8AF14318F50406EB945A7282DB789B488759
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: dC$dC$dC
                                                                                                                                                                                                                • API String ID: 3519838083-370627719
                                                                                                                                                                                                                • Opcode ID: b3ce187dbcd11f4a484e5abed9657f9652ac780df004dc46175e77e09a4c5d69
                                                                                                                                                                                                                • Instruction ID: b3924989d12abf93bcd6ffe6c6e1df6d96f759b574748724039df0cf7925216c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3ce187dbcd11f4a484e5abed9657f9652ac780df004dc46175e77e09a4c5d69
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A414B71E05149AFCB05EFA9D591AEDBBB4AF18314F10806AF415B7281D738AF04CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041B63B
                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000), ref: 0041B677
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041B699
                                                                                                                                                                                                                  • Part of subcall function 0041B897: __EH_prolog.LIBCMT ref: 0041B89C
                                                                                                                                                                                                                  • Part of subcall function 0041B897: GetLastError.KERNEL32(02151168,00000000,?,0041E420,00000001,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000), ref: 0041B8C8
                                                                                                                                                                                                                  • Part of subcall function 0041B897: SetLastError.KERNEL32(?,?,0041E420,00000001,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000), ref: 0041B8FE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLastwsprintf$H_prologlstrcat
                                                                                                                                                                                                                • String ID: %01d.%01d %s%s
                                                                                                                                                                                                                • API String ID: 3897922275-3724692234
                                                                                                                                                                                                                • Opcode ID: 34c8e85b157fe533ec23f503281f70eecab1d54adff8521a9352914fc67d5537
                                                                                                                                                                                                                • Instruction ID: e1db373e9c788793741c830f1ec58a8de57455c7186b63247f01b17fcc536ea8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34c8e85b157fe533ec23f503281f70eecab1d54adff8521a9352914fc67d5537
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A31DCF7A001197BDB14DA54DC91FDB73ADEB84304F4080B6F709E7182DA74DA598BA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00417FC6
                                                                                                                                                                                                                  • Part of subcall function 00402838: __EH_prolog.LIBCMT ref: 0040283D
                                                                                                                                                                                                                  • Part of subcall function 00402838: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000), ref: 00402866
                                                                                                                                                                                                                  • Part of subcall function 00402838: SetLastError.KERNEL32(?,00000000,?,0041E413,?,00000000,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: lstrlenW.KERNEL32(004364D8,02151168,00000104,00000000,004364BC,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001,?,00000000,removeasmajorupgrade), ref: 00402DBD
                                                                                                                                                                                                                  • Part of subcall function 00402D6A: WideCharToMultiByte.KERNEL32(00000000,00000000,004364D8,000000FF,?,00000002,00000000,00000000,?,0041E536,tempdisk1folder,?,00000000,00000000,?,00000001), ref: 00402DE5
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000000,00000400,|dC,00000400,?,00000000,?,00000003,ISSetup.dll,?,00000000,00000000), ref: 0041802F
                                                                                                                                                                                                                  • Part of subcall function 004022FB: __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                  • Part of subcall function 004022FB: GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                  • Part of subcall function 004022FB: SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                  • Part of subcall function 00402A71: __EH_prolog.LIBCMT ref: 00402A76
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                  • Part of subcall function 004029BB: __EH_prolog.LIBCMT ref: 004029C0
                                                                                                                                                                                                                  • Part of subcall function 004029BB: SetLastError.KERNEL32(?,?,00000000,00000104,?,0041E59F,02151168,?,00000001,?,00000000,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,00000000), ref: 00402A26
                                                                                                                                                                                                                  • Part of subcall function 0041883F: __EH_prolog.LIBCMT ref: 00418844
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast$ByteCharFileFreeModuleMultiNameStringWidelstrlen
                                                                                                                                                                                                                • String ID: ISSetup.dll$|dC
                                                                                                                                                                                                                • API String ID: 771115330-3065460551
                                                                                                                                                                                                                • Opcode ID: 383e00c1c51ac8c583d4d07a0ef533164735223dee3b521453e732b379319dfc
                                                                                                                                                                                                                • Instruction ID: 26c74837e0bbd655014cc5c3807d536f14c8d551d592da042ec83e4a1be0aabb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 383e00c1c51ac8c583d4d07a0ef533164735223dee3b521453e732b379319dfc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D317071801208FEDB01EBE5D996ADEBB7CAF14308F10806EB516B31C2DB785B49C764
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 0042914A
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 00429159
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 004291BC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$Decrement$Increment
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 2574743344-1556624830
                                                                                                                                                                                                                • Opcode ID: 64daa6ed29ca0b330afe13f5fb3a6a28a006ddb9de1849b8c511c00b6128acb5
                                                                                                                                                                                                                • Instruction ID: 5faf6da3bfbdbb9b64d7b9d5fd7312a6099396ea2e16aacfa9bd5dfdfc821796
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64daa6ed29ca0b330afe13f5fb3a6a28a006ddb9de1849b8c511c00b6128acb5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C331D475600227ABEB24AF16E8492FA7764FB01711F90C01BFC4A46284D778CDD2CB9D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00411682
                                                                                                                                                                                                                  • Part of subcall function 00411C69: InterlockedDecrement.KERNEL32(?), ref: 00411C7A
                                                                                                                                                                                                                  • Part of subcall function 00411C69: CloseHandle.KERNEL32(?,?,?,?,00411691,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080,00000003,00000000,00000000), ref: 00411CA2
                                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,?,?,?,?,00000000,?,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080,00000003), ref: 004116DF
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000), ref: 004116ED
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateDecrementErrorFileH_prologHandleInterlockedLast
                                                                                                                                                                                                                • String ID: toys::file
                                                                                                                                                                                                                • API String ID: 1883868898-314977804
                                                                                                                                                                                                                • Opcode ID: 948577bfb73e4645a423e7faab58c135343c4e3e08297271fcafa3e406cd693f
                                                                                                                                                                                                                • Instruction ID: c53540afc9ed22950d76bcc64ed983805cbffcc013254ddb641ad57e22b9b62c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 948577bfb73e4645a423e7faab58c135343c4e3e08297271fcafa3e406cd693f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E621D571600204AFCB10AF75DD81AEE3BA5EB84358F10452FF666933E1DB3D88409628
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040B7F5
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 00401581: __EH_prolog.LIBCMT ref: 00401586
                                                                                                                                                                                                                  • Part of subcall function 00401581: GetLastError.KERNEL32(02151168,00000000,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015AF
                                                                                                                                                                                                                  • Part of subcall function 00401581: SetLastError.KERNEL32(?,00000000,?,0041E199,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000,00000001,00000001,00000000), ref: 004015DD
                                                                                                                                                                                                                  • Part of subcall function 0040AEF4: __EH_prolog.LIBCMT ref: 0040AEF9
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: .$tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-3655904522
                                                                                                                                                                                                                • Opcode ID: 0680a02813b63740f45960c3912e504f4380c5dc9ab59c91849d385ab84cbffa
                                                                                                                                                                                                                • Instruction ID: 4579f4b9ac5ceffa1359283ff1489a8541986bcdaf05fd725d0c8c53f2b97962
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0680a02813b63740f45960c3912e504f4380c5dc9ab59c91849d385ab84cbffa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2311CB1D00219EEDB11EFA5C891BDDBBB8EF14308F10406AE505772D2DB781A49CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041D031
                                                                                                                                                                                                                  • Part of subcall function 004204D4: wsprintfA.USER32 ref: 004204E6
                                                                                                                                                                                                                  • Part of subcall function 004204D4: LoadStringA.USER32(?,?,?), ref: 00420511
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041D09A
                                                                                                                                                                                                                  • Part of subcall function 0041CE57: SetWindowTextA.USER32(?,00000000), ref: 0041CE61
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                  • Part of subcall function 00420C44: lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • %s: %s, xrefs: 0041D094
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 0041D0B5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wsprintf$H_prologLoadStringTextWindowlstrcatlstrcpynlstrlen
                                                                                                                                                                                                                • String ID: %s: %s$C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 530167989-3035542176
                                                                                                                                                                                                                • Opcode ID: 9fd2345c91f7da2d8b087f3c9634c81b68a3f66033605af7d1ebf2ff0a5e57ef
                                                                                                                                                                                                                • Instruction ID: 1c11aa0a19b035e54d766519d9142c99ff3e648fe3bd8f29f17f6887ece2d285
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9fd2345c91f7da2d8b087f3c9634c81b68a3f66033605af7d1ebf2ff0a5e57ef
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD118172A00219ABDB11EBA5DC06BDEBB74BF44308F1045BAF314B50E2DB785658CA44
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: $oA$dC
                                                                                                                                                                                                                • API String ID: 3519838083-3678287390
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040B6E5
                                                                                                                                                                                                                • GetLastError.KERNEL32(00436474,00000001,0043647C,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000,00000001), ref: 0040B70E
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,00000000,00000000,00000000,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 0040B763
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 2881783280-1551560817
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041A726
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0041A9B1: __EH_prolog.LIBCMT ref: 0041A9B6
                                                                                                                                                                                                                  • Part of subcall function 0041A9B1: GetLastError.KERNEL32(00436474,00000001,0043647C,?,0041A777,00000000,00000001,00000000,00000000,?,00000000,ISSCRIPTCMDLINE,75BF8400,00000000), ref: 0041A9DF
                                                                                                                                                                                                                  • Part of subcall function 0041A9B1: SetLastError.KERNEL32(?,?,00000000,00000000,?,0041A777,00000000,00000001,00000000,00000000,?,00000000,ISSCRIPTCMDLINE,75BF8400,00000000), ref: 0041AA20
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: ISSCRIPTCMDLINE$tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2132639760
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00403BC5
                                                                                                                                                                                                                • GetLastError.KERNEL32(004364B4,00000001,004364BC,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403BEE
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,00000000,00000000,00000000,?,00402B1E,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 00403C43
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 2881783280-1551560817
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041DF6E
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: __EH_prolog.LIBCMT ref: 0040B6E5
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: GetLastError.KERNEL32(00436474,00000001,0043647C,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000,00000001), ref: 0040B70E
                                                                                                                                                                                                                  • Part of subcall function 0040B6E0: SetLastError.KERNEL32(?,00000000,00000000,00000000,?,0040AFA1,?,?,00000000,?,00000000,00429A4C,FFFFFFFF,00000001,?,00000000), ref: 0040B763
                                                                                                                                                                                                                  • Part of subcall function 0041DE26: __EH_prolog.LIBCMT ref: 0041DE2B
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: Languages$tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-909386891
                                                                                                                                                                                                                • Opcode ID: 7b8623b531656a9ea72553682d182146eebf3c60ac7d07da386a1cc9c995a1f4
                                                                                                                                                                                                                • Instruction ID: 11e2ddd478bae13379fe777a8e159d9b0e3bc9e6fed7d5707785ff5ff9285866
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b8623b531656a9ea72553682d182146eebf3c60ac7d07da386a1cc9c995a1f4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4511A371D0011CBBCB14DFD5D8058DEBB79EB54364F00812BF406A7241D7389A48CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041F6DD
                                                                                                                                                                                                                • GetLastError.KERNEL32(004364B4,00000004,004364BC,?,0041EE68,?,?,?,00000000,02151168,00000000,00000000), ref: 0041F706
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,00000000,?,00000000,?,0041EE68,?,?,?,00000000,02151168,00000000,00000000), ref: 0041F754
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 2881783280-1551560817
                                                                                                                                                                                                                • Opcode ID: 17c510685c05f2bc7d9874f8d72322ae9dd72c00b3c2e87cbf0aba8049d848d4
                                                                                                                                                                                                                • Instruction ID: cb83227ed186edf97dfee6b4e652b8230f0f2e99ed51684faf11d40f557dca69
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17c510685c05f2bc7d9874f8d72322ae9dd72c00b3c2e87cbf0aba8049d848d4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C711487560060AEFCB20DF59D58088AFBF1FF58704B41856EE48AA7352C774E915CF98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0040C478
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeString
                                                                                                                                                                                                                • String ID: \tdC$tdC$tdC
                                                                                                                                                                                                                • API String ID: 3341692771-1217256054
                                                                                                                                                                                                                • Opcode ID: 770246b674da0e1fb6c082cc0b5596ae195158226ca40d67aeb5cdd290dd5ab3
                                                                                                                                                                                                                • Instruction ID: 9830fe05bd3d1e266ff27d9d9ac45268f2d93fa5b8b17f955c1b29a7d9d68ac1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 770246b674da0e1fb6c082cc0b5596ae195158226ca40d67aeb5cdd290dd5ab3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37019635200602EBC7249F19C451BB6B3E8FF91710F15822EA852AB681D778E909CB6D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 0042814F
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 00428164
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 2172605799-1556624830
                                                                                                                                                                                                                • Opcode ID: b9db1bb1a418d014aab24315f455aa1b58dcd3352b36d0c416253ba6f7f1496a
                                                                                                                                                                                                                • Instruction ID: 33b7a8edb92dd2830899d11c5e5d8e5d8efd13bc234504caa70ea88d86b20432
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9db1bb1a418d014aab24315f455aa1b58dcd3352b36d0c416253ba6f7f1496a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AF0AF763062326BE720AF15FC82AAEA765EFC2311F95443FF104451D4CFA89893866E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 0042D7F0
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 0042D805
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 2172605799-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 0042AC3C
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 0042AC51
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 2172605799-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00410EDA
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 00407585: __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 00407585: lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Languages, xrefs: 00410F12
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI, xrefs: 00410EF0
                                                                                                                                                                                                                • count, xrefs: 00410F0D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcmp
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}\Setup.INI$Languages$count
                                                                                                                                                                                                                • API String ID: 4174983478-1146931302
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402300
                                                                                                                                                                                                                • GetLastError.KERNEL32(74DE8B60,00000104), ref: 0040232C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00402361
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 2881783280-1551560817
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409F75
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000104), ref: 00409FA1
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00000000,?,00000001), ref: 00409FD6
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: 4$D
                                                                                                                                                                                                                • API String ID: 2881783280-1551560817
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040A722
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(00000000,?,00000000,?,00000003,?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?), ref: 0040A753
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0041463A,?,00000000,?,00000001,00000000,00442430,00000000,00000032,?,00000032), ref: 0040A764
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wsprintfA.USER32 ref: 00420493
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wvsprintfA.USER32(?,?,?), ref: 004204AE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$ByteCharLibraryLoadMultiWidelstrlenwsprintfwvsprintf
                                                                                                                                                                                                                • String ID: tdC
                                                                                                                                                                                                                • API String ID: 2622529241-1123919639
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00446CEC), ref: 00430866
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 0043087D
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B731
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: EnterCriticalSection.KERNEL32(?,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B74C
                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00446CEC), ref: 004308A9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                                                                                                                                                                • String ID: lD
                                                                                                                                                                                                                • API String ID: 2038102319-1556624830
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$FreeString
                                                                                                                                                                                                                • String ID: |dC
                                                                                                                                                                                                                • API String ID: 2425351278-1290729135
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: 0$D$0$D$string too long
                                                                                                                                                                                                                • API String ID: 3519838083-3605364338
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040758A
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,00442430,?,?,00442430,?,?,?,Languages,00000000,?,0041CF62,Languages,count,00000000,?), ref: 004075B9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrcmp
                                                                                                                                                                                                                • String ID: 0$D$Languages
                                                                                                                                                                                                                • API String ID: 4174983478-4147398553
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,00428A81), ref: 0042D959
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0042D969
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                                • API String ID: 1646373207-3105848591
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetNativeSystemInfo), ref: 004252ED
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004252F4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: GetNativeSystemInfo$kernel32
                                                                                                                                                                                                                • API String ID: 1646373207-3846845290
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 0042529E
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004252A5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,Wow64EnableWow64FsRedirection), ref: 0042530F
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00425316
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: Wow64EnableWow64FsRedirection$kernel32
                                                                                                                                                                                                                • API String ID: 1646373207-1260278450
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00002020,0043FA20,0043FA20,?,?,0042C94F,00000000,00000010,00000000,00000009,00000009,?,00427B63,00000010,00000000), ref: 0042C4A4
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,0042C94F,00000000,00000010,00000000,00000009,00000009,?,00427B63,00000010,00000000), ref: 0042C4C8
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,0042C94F,00000000,00000010,00000000,00000009,00000009,?,00427B63,00000010,00000000), ref: 0042C4E2
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,0042C94F,00000000,00000010,00000000,00000009,00000009,?,00427B63,00000010,00000000,?), ref: 0042C5A3
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,0042C94F,00000000,00000010,00000000,00000009,00000009,?,00427B63,00000010,00000000,?,00000000), ref: 0042C5BA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual$FreeHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 714016831-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,GIF87a), ref: 0042556B
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,GIF89a), ref: 00425583
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmp
                                                                                                                                                                                                                • String ID: GIF87a$GIF89a
                                                                                                                                                                                                                • API String ID: 1534048567-2918331024
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,00000000,00000000,004311E3,00000000,00001000), ref: 00430729
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040A2FB
                                                                                                                                                                                                                • GetWindowDC.USER32(00000000,?,?,00000000,00000000), ref: 0040A3DB
                                                                                                                                                                                                                • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0040A3F6
                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 0040A41D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: BitmapCreateH_prologReleaseWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 245086582-0
                                                                                                                                                                                                                • Opcode ID: 712f8de820aa39faa1311a4694aee3d60b4aa3b7f0a953502c72654b15749b36
                                                                                                                                                                                                                • Instruction ID: db53c73f9a3c86c6fe7f273ed2f51316e6f60ab2e075e1245cb031e3ae36ffd3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 712f8de820aa39faa1311a4694aee3d60b4aa3b7f0a953502c72654b15749b36
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42418D71E00219AFDB14DFA5EC45EEEBBB5FF48304F50412EE515A72A1D7749940CB18
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B731
                                                                                                                                                                                                                  • Part of subcall function 0042B6F4: EnterCriticalSection.KERNEL32(?,?,?,00430238,00000009,00000000,00000000,00000001,0042AA98,00000001,00000074,?,?,00000000,00000001), ref: 0042B74C
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,74DE8B60,74DE8B60,004310D1,74DE8B61,00000000,00000000), ref: 00430C33
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,74DE8B60,74DE8B60,004310D1,74DE8B61,00000000,00000000), ref: 00430C48
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000068,?,00000000,74DE8B60,74DE8B60,004310D1,74DE8B61,00000000,00000000), ref: 00430C55
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 713024617-3916222277
                                                                                                                                                                                                                • Opcode ID: a746f9aad21e1b93bf3779f615aaf64e851f54062ea786b680d720c8cd6d924d
                                                                                                                                                                                                                • Instruction ID: dbc98160174bc5c675ba3fa0ba283314c9f3c21965fec7e147a8a7042a38ca9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a746f9aad21e1b93bf3779f615aaf64e851f54062ea786b680d720c8cd6d924d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 333135722053119FE7189F24EC8475B77D0FB48328F25AB2EE566472C2D7B89844875A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000,?,?,00000000), ref: 0041660C
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00416651
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpywsprintf
                                                                                                                                                                                                                • String ID: %s /g %s /g %s$%s /g %s /g %s /s
                                                                                                                                                                                                                • API String ID: 2408954437-3131057161
                                                                                                                                                                                                                • Opcode ID: 4f6ea7f0b3696adb0e31b5a8e5a885fa49ef19ff5ca5135497f480ea208c0035
                                                                                                                                                                                                                • Instruction ID: 744069436c7f98587977085d2460b5d0e7cb2709a266d1323026b94dd38c9327
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f6ea7f0b3696adb0e31b5a8e5a885fa49ef19ff5ca5135497f480ea208c0035
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A314B72A0052C7FEF108B64DC54BDF77A9AB04305F0044BAF205A6092DBB9DED88F89
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000,?,00000000), ref: 00420F26
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,00000000), ref: 00420F32
                                                                                                                                                                                                                  • Part of subcall function 00420FD2: lstrlenA.KERNEL32(?,74DE83C0,00420F40,?,?,00000000), ref: 00420FDC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$lstrlen
                                                                                                                                                                                                                • String ID: %u.%u.%u.%u$0$D
                                                                                                                                                                                                                • API String ID: 367037083-1272127632
                                                                                                                                                                                                                • Opcode ID: 9022adface7a6266d3e55cbfcda7aa9ebba735dca3813f91d46ebc4f6e01c41b
                                                                                                                                                                                                                • Instruction ID: 6a7bc95ed7267c5e7a85ab924ddf36f101ac6c0f2a5a3c6036b30b8560466cd4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9022adface7a6266d3e55cbfcda7aa9ebba735dca3813f91d46ebc4f6e01c41b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F2157B2D0112CAACF20DF95ED81DDEBBFCAF48314F5141A7E105E3151E6B8E6858BA4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0040909D: GetVersionExA.KERNEL32(?), ref: 004090C0
                                                                                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000000,?,00000000,?,00000000,?,?,00000000,?,00408F71,?,?,00000000,?,?), ref: 00409008
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,00000002,00000000,00000000,?,00000002,00000000,00000000,?,?,00000000), ref: 0040907B
                                                                                                                                                                                                                • CompareStringA.KERNEL32(00000400,00000001,00000000,00000000,00000000,00000000,?,00000002,00000000,00000000,?,?,00000000,?,00408F71,?), ref: 0040908D
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CompareString$ByteCharMultiVersionWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3684582312-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402107
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000001,?,0041D5AB,no_engine,?,00000001,?,?,00000001,?,?,004070FA,0043D25C,000010B4), ref: 00402130
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000001,00000000,?,0041D5AB,no_engine,?,00000001,?,?,00000001,?,?,004070FA,0043D25C,000010B4,00000001), ref: 00402167
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,0041D5AB,no_engine,?,00000001,?,?,00000001,?,?,004070FA,0043D25C,000010B4,00000001), ref: 0040219F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2881783280-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00418272
                                                                                                                                                                                                                • GetLastError.KERNEL32(75A901C0,74DF0440,00000000,?,00414D5F,%IS_T%,?,00000001), ref: 0041829B
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000001,00000000,?,00414D5F,%IS_T%,?,00000001), ref: 004182D2
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00414D5F,%IS_T%,?,00000001), ref: 0041830A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2881783280-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041BC19
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041BC50
                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0041BC62
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000001,?,00000000,00000000,?,00000000,?,?,0041BB3F,00000000,00000200,0041B337), ref: 0041BC78
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$ByteCharMultiWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 352835431-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00408BFC
                                                                                                                                                                                                                  • Part of subcall function 00408EAB: SysFreeString.OLEAUT32(?), ref: 00408EC0
                                                                                                                                                                                                                  • Part of subcall function 00408EAB: SysStringLen.OLEAUT32(?), ref: 00408EC9
                                                                                                                                                                                                                  • Part of subcall function 00408EAB: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00408ED3
                                                                                                                                                                                                                  • Part of subcall function 00407FDF: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,?,00000000,00000000,?,00000104,0041F19B,0043E954,?,00000000,00000000,?), ref: 00408042
                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?,00436F5C,?,00000000,?,004083EB), ref: 00408C47
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00436F5C,?,00000000,?,004083EB), ref: 00408C5F
                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4,?,00436F5C,?,00000000,?,004083EB), ref: 00408C77
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$AllocByteCharCloseCreateFileFreeH_prologHandleMultiSleepWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1308190005-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00443D50,00444778,?,00000000,?,?,00410622,?,?,00410561,?), ref: 00410656
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00443D50,ALL), ref: 00410666
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpilstrlen
                                                                                                                                                                                                                • String ID: ALL$P=D
                                                                                                                                                                                                                • API String ID: 3649823140-3258713346
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 0041D369
                                                                                                                                                                                                                  • Part of subcall function 004204D4: wsprintfA.USER32 ref: 004204E6
                                                                                                                                                                                                                  • Part of subcall function 004204D4: LoadStringA.USER32(?,?,?), ref: 00420511
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0041D39E
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041D3FA
                                                                                                                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 0041D40D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Windowwsprintf$LoadStringTextlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1776808806-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000002,?,00000000,?,000000FF), ref: 00424399
                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004243A9
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 004243B7
                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 004243C1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$DispatchMultipleObjectsPeekTranslateWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2231909638-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                • GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$FreeH_prologString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1156525562-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(004455E8,00000001), ref: 00426E74
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(004455D0,?,00000000,00000000,00404FF1,74DE8B60,?,00000000,?,?,?,0040239B,?,?,?,004020AC), ref: 00426E7F
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(004455D0,?,00000000,00000000,00404FF1,74DE8B60,?,00000000,?,?,?,0040239B,?,?,?,004020AC), ref: 00426EBE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterExchangeInitializeInterlocked
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3643093385-0
                                                                                                                                                                                                                • Opcode ID: 2857b5e909cd5ea6b79d47a16b202e794f9505a71ceb9dde63e5df80ee13d933
                                                                                                                                                                                                                • Instruction ID: 26af49e9a09af73912847b9c2229f6dc567d801912bad5f3fc8cbbfaa61a9c9d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2857b5e909cd5ea6b79d47a16b202e794f9505a71ceb9dde63e5df80ee13d933
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83F03C79344A20BBEE11AB55FC89A273659EB91792BB74037F50190166E7784C80C61D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041F826
                                                                                                                                                                                                                • GetLastError.KERNEL32(02151168,?,?,0041F7E9,?,?,00000001,?,?,?,0041F69F), ref: 0041F852
                                                                                                                                                                                                                • SysAllocStringLen.OLEAUT32(00000000,?), ref: 0041F864
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,0041F7E9,?,?,00000001,?,?,?,0041F69F), ref: 0041F893
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AllocH_prologString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1734030179-0
                                                                                                                                                                                                                • Opcode ID: 79f8a06f28986156334ad6d190af9ac436d102c688c661ed4d6531d37d20912b
                                                                                                                                                                                                                • Instruction ID: cea489fb9345b73f17879bd3c75e9bc8af1a7bca5dd798616b559de51db4f9ba
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79f8a06f28986156334ad6d190af9ac436d102c688c661ed4d6531d37d20912b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16113971500702EFC7209F54D805B8ABBF0FF08718F11C52EE85697651C7B9E904CB98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041B921
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000200,?,0041B360,0043E648,00000001,?,?,00000000), ref: 0041B94D
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0041B95C
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000200,?,0041B360,0043E648,00000001,?,?,00000000), ref: 0041B98B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$AllocH_prologString
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1734030179-0
                                                                                                                                                                                                                • Opcode ID: 5846c43158c367ff81bce4dea7e4c9fcfc9ce2904c2be5d297f910aff867c1c6
                                                                                                                                                                                                                • Instruction ID: e6424c2f61f28950464f1b6063dd38448cc756230ea3bd2fde5ed641ef407bfe
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5846c43158c367ff81bce4dea7e4c9fcfc9ce2904c2be5d297f910aff867c1c6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C113571500602EFC7209F58D408B8ABBF0FF08719F11C46EE89A8B651C7B9E908CB98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0041BB52
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,0041BB24,?), ref: 0041BB65
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001,?,0041BB24,?), ref: 0041BB8C
                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0041BB96
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$AllocByteCharFreeMultiWidelstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 90228818-0
                                                                                                                                                                                                                • Opcode ID: 3d1b36e3d7569f0d34c8189476fd68d371b48294c77919301a832a8765984a70
                                                                                                                                                                                                                • Instruction ID: ca9c5eb8848c49eba21dd1138a1cf53a5e621d6ef67f61765854b7d9d9dcb6e6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d1b36e3d7569f0d34c8189476fd68d371b48294c77919301a832a8765984a70
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75F0D132900215FBCB205F11CC09B8BBF78EB41360F12817AF815962A0E7B06A54CB94
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040FB6F
                                                                                                                                                                                                                • IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,0040FB04), ref: 0040FB83
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0040FB91
                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 0040FB9B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1266772231-0
                                                                                                                                                                                                                • Opcode ID: 25de9364cfcc375252cc91a8c0f26ee3e6d9033dbb800a7197b8aa3e9f389591
                                                                                                                                                                                                                • Instruction ID: c4502c58c8f6b501f51e89b15ab792c1f725ef83d87db668a9041faee3f776c7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25de9364cfcc375252cc91a8c0f26ee3e6d9033dbb800a7197b8aa3e9f389591
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0F01D71D00216EBCF319FA0EC48A9B7BBCEB15B52B104032E401E2455D23CA949CFAC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharNextA.USER32 ref: 0040EB6B
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 0040EB7C
                                                                                                                                                                                                                  • Part of subcall function 0041D453: __EH_prolog.LIBCMT ref: 0041D458
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharH_prologNextlstrcpy
                                                                                                                                                                                                                • String ID: /noscript_uninst$noscript_uninst
                                                                                                                                                                                                                • API String ID: 1285412839-1242889402
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,Startup,ClickOncePackage,00442430,00000000,00000400,?), ref: 0041DC96
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prologlstrlen
                                                                                                                                                                                                                • String ID: $ClickOncePackage$Startup
                                                                                                                                                                                                                • API String ID: 2133942097-1644928050
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(00000001), ref: 0040FAF5
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040FB6F
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,0040FB04), ref: 0040FB83
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: TranslateMessage.USER32(?), ref: 0040FB91
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: DispatchMessageA.USER32(?), ref: 0040FB9B
                                                                                                                                                                                                                • GetDlgItem.USER32(000003EA), ref: 0040FB0F
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000408,00000000,00000000), ref: 0040FB27
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 0040FB3F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Send$DialogDispatchItemPeekTranslateWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4202329498-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • IsWindow.USER32(00407941), ref: 0040FA93
                                                                                                                                                                                                                • GetDlgItem.USER32(000003EA), ref: 0040FAAD
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000408,00000000,00000000), ref: 0040FAC3
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0040FB6F
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,0040FB04), ref: 0040FB83
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: TranslateMessage.USER32(?), ref: 0040FB91
                                                                                                                                                                                                                  • Part of subcall function 0040FB45: DispatchMessageA.USER32(?), ref: 0040FB9B
                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000402,?,00000000), ref: 0040FADE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$Send$DialogDispatchItemPeekTranslateWindow
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4202329498-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00421421
                                                                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 0042142A
                                                                                                                                                                                                                  • Part of subcall function 00421361: GetLocaleInfoA.KERNEL32(00421438,00001004,?,00000014,?,?,?,?,?,?,?,?,?,?,?,00421438), ref: 00421388
                                                                                                                                                                                                                  • Part of subcall function 00421361: TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 004213A3
                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00421440
                                                                                                                                                                                                                • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 00421453
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoMessageSend$CharsetCreateFontIndirectLocaleObjectTranslate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2681337867-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharNextA.USER32(?,74DE8B60,?,00000000,00420C84,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B00
                                                                                                                                                                                                                • CharPrevA.USER32(?,?,74DE8B60,?,00000000,00420C84,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B09
                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B21
                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420B27
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 589700163-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C4C
                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,-00000001,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C6A
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C76
                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,?,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420C8A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcatlstrcpylstrcpynlstrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3428934214-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,hide_progress), ref: 0040EA6A
                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,hide_splash), ref: 0040EA80
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpi
                                                                                                                                                                                                                • String ID: hide_progress$hide_splash
                                                                                                                                                                                                                • API String ID: 1586166983-450596345
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1BA
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1D6
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(C:\Users\user\AppData\Local\Temp,?,?,00000000,00000000,00406BEE,00000000,00000001,00000000,0000044F,00000000,?,?), ref: 0041C1DE
                                                                                                                                                                                                                  • Part of subcall function 0041C1FE: lstrcpyA.KERNEL32(00002F19,?,?,74DE83C0,00000000), ref: 0041C229
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 0041C1D9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$lstrlen
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                • API String ID: 367037083-47812868
                                                                                                                                                                                                                • Opcode ID: d7730a731d9526bd9789e99a049cd819bae5059f909ad318936f82de2b6dc3c7
                                                                                                                                                                                                                • Instruction ID: 3fb9ed081154d308a89699993afe6f8398f0ec9f026054be5e95f8e449cf2a21
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7730a731d9526bd9789e99a049cd819bae5059f909ad318936f82de2b6dc3c7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BE0D8B1A042017EE21073B69CC9EABEB9CDBC43A5B11442FF10583101CA785C458BB8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Destroy$KillTimer
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2681078358-0
                                                                                                                                                                                                                • Opcode ID: 47301a1ddda9636c9b9c3e70a1a0dddafd9843c27aacc3392a6e31a51428e75b
                                                                                                                                                                                                                • Instruction ID: a5e2e049b036be5add2f60f0361dcb7f02dc17732727839bb0a81fc5a49d980e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47301a1ddda9636c9b9c3e70a1a0dddafd9843c27aacc3392a6e31a51428e75b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BD09EB9900121BFCF112F11FD089457F35EB01B63B219037A904921B1C6319D12EFAC
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: 0$D$dC
                                                                                                                                                                                                                • API String ID: 3519838083-1428845458
                                                                                                                                                                                                                • Opcode ID: f663bbd3b1082a1f262f303d71e814ebb71d9990f8bd4059b3b656301c1e8459
                                                                                                                                                                                                                • Instruction ID: c5eae3aa936bd71ccebb84c918639b60676541ff291686e1c04dde043f256b9e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f663bbd3b1082a1f262f303d71e814ebb71d9990f8bd4059b3b656301c1e8459
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0441A0B1A00159AFCF11EF9AC8818EEBBB9BF45314B14407FF511B7291C7789A05CBA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCPInfo.KERNEL32(?,00000000), ref: 0042EB94
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Info
                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                • API String ID: 1807457897-3032137957
                                                                                                                                                                                                                • Opcode ID: 0a821ed1029430c8e803b1065f39b960cbbdda599631f8ea96a840a7420dd173
                                                                                                                                                                                                                • Instruction ID: 13ba7e7621bd8eb60eac51b0e2e96a6d293e88608451efaab0844ff600e5c5be
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a821ed1029430c8e803b1065f39b960cbbdda599631f8ea96a840a7420dd173
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A41AE312046B81FEF219752ED9ABF73F98EB02704F4400E6E546DB293C2794D04CBAA
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00411474
                                                                                                                                                                                                                  • Part of subcall function 004115D9: __EH_prolog.LIBCMT ref: 004115DE
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                  • Part of subcall function 0041167D: __EH_prolog.LIBCMT ref: 00411682
                                                                                                                                                                                                                  • Part of subcall function 0041167D: CreateFileA.KERNEL32(00000000,?,?,?,?,00000000,?,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080,00000003), ref: 004116DF
                                                                                                                                                                                                                  • Part of subcall function 0041167D: GetLastError.KERNEL32(00000000,00000000,80400100,?,00000001,00000000,004114CD, fC,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000), ref: 004116ED
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast$CreateFileFreeString
                                                                                                                                                                                                                • String ID: fC$This program cannot be run in DOS mode.
                                                                                                                                                                                                                • API String ID: 1070212021-3696150559
                                                                                                                                                                                                                • Opcode ID: cff6414fa7595023bb902432e2a898c3d2ec9f020d58db1d2d93e8181ea4e6fd
                                                                                                                                                                                                                • Instruction ID: 5bc57370119887a7d1eb519d78be6849c93cf69bc9b82bb7813341162c59db84
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cff6414fa7595023bb902432e2a898c3d2ec9f020d58db1d2d93e8181ea4e6fd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF419D71C05188FEEB15DBA5C892FDDBB78AB14308F10816EB612731D2DB785B48CB29
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: $dC
                                                                                                                                                                                                                • API String ID: 3519838083-4089390767
                                                                                                                                                                                                                • Opcode ID: 0b7bf2d79cac2c61fea6ea1195c98bf55fcd174d2535651c05b4b2dc10e276ea
                                                                                                                                                                                                                • Instruction ID: 0e5cb677093919f96c51313ac13462ce53f02901885fa5f5b983c394e4ac032c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b7bf2d79cac2c61fea6ea1195c98bf55fcd174d2535651c05b4b2dc10e276ea
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09315476901158AACF05FBE5DD519DEB7B8AF58304F4040AFF515B3281DA389B08CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                                                • String ID: oA$oA
                                                                                                                                                                                                                • API String ID: 3519838083-3252803861
                                                                                                                                                                                                                • Opcode ID: 31c94be06539338a22e3c3ba8affeae435d6bc2194014d2322fc57a0b69f6eb8
                                                                                                                                                                                                                • Instruction ID: 6ff21e8dd4e4ee463439e084901f84ae0f6843b6775f2f5d89caf7ca4d44a8e8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31c94be06539338a22e3c3ba8affeae435d6bc2194014d2322fc57a0b69f6eb8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51318FB5900269ABCF01EF99DC41AEDB778FF99354F04406BF9217B291D7389A40CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040B0D7
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040B7F0: __EH_prolog.LIBCMT ref: 0040B7F5
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                • Opcode ID: 12e441cdc41f269c281bfe20690e5af504177eaca990f023f0aca30622f8319e
                                                                                                                                                                                                                • Instruction ID: 7b199473f5d1b95373972fb1bcb67e27d69753214de2684444ed625af78a104d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12e441cdc41f269c281bfe20690e5af504177eaca990f023f0aca30622f8319e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6021807180024DFADB01EB95D855BDDBB78EF14318F1080AEB44577282DB785B88CB99
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Event
                                                                                                                                                                                                                • String ID: d
                                                                                                                                                                                                                • API String ID: 4201588131-2564639436
                                                                                                                                                                                                                • Opcode ID: 9cfa73652d1c49bc069a7d4368438f8c1e96c0ef9c56376d5661386b0769ed75
                                                                                                                                                                                                                • Instruction ID: dee9326ae1135eeb6f333d7cc8903640207381a442cf6d0da2459b2cfeafab07
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cfa73652d1c49bc069a7d4368438f8c1e96c0ef9c56376d5661386b0769ed75
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14218B30600610DFCB24EF10E44496ABBF0FF48311B148A1FEA4B8B360C739E950CB95
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041A7C5
                                                                                                                                                                                                                  • Part of subcall function 0041AA5B: __EH_prolog.LIBCMT ref: 0041AA60
                                                                                                                                                                                                                  • Part of subcall function 0041AA5B: GetLastError.KERNEL32(00436474,00000001,0043647C,?,0041A7F9,00000001,?,?,00000000,?,00000000,00000000), ref: 0041AA89
                                                                                                                                                                                                                  • Part of subcall function 0041AA5B: SetLastError.KERNEL32(?,?,?,00000000,?,0041A7F9,00000001,?,?,00000000,?,00000000,00000000), ref: 0041AAC6
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                • Opcode ID: 472adc4613dbfcf98fdc9a57b51cf872335f79b3b242de0fb8bb6ae10cd1ee8b
                                                                                                                                                                                                                • Instruction ID: cba529d305814b313a75e1f15e9f0031bd61ac04eb5562c03d9d9d66f7cdb09c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 472adc4613dbfcf98fdc9a57b51cf872335f79b3b242de0fb8bb6ae10cd1ee8b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 551152B1A00119BFDB04EF99D891BEDBBB4EF48714F00412EF556A7281D7745A44CB98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00415C6D
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: __EH_prolog.LIBCMT ref: 00401CF7
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: GetLastError.KERNEL32(004364B4,00000004,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D1A
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SysFreeString.OLEAUT32(?), ref: 00401D38
                                                                                                                                                                                                                  • Part of subcall function 00401CF2: SetLastError.KERNEL32(?,00000001,?,0041EEC5,?,00000004,?,?,00000000,?,?,?,00000000,02151168,00000000,00000000), ref: 00401D58
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                • Opcode ID: 558595eb1f607aaee781d05ce8f0efcb10b5d91bc51e9d152eff9e3cb44fc93c
                                                                                                                                                                                                                • Instruction ID: a042ba52413c6653b53802d263d0cf90c75a5959a7471727fc2be3bcc9c0c15d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 558595eb1f607aaee781d05ce8f0efcb10b5d91bc51e9d152eff9e3cb44fc93c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2118FB0900248EFD700DF55C841B9CBBB8FF58318F10816EE585A7292C7B99B09C758
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041A267
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                • Opcode ID: 9de5100f2397164b26d5d029ef38f587b1ee8eae89a87a7ca1dbdb3a237b1a9e
                                                                                                                                                                                                                • Instruction ID: e182853330e281fa921cad20f8be88d2e6346f11047db1867ff033400ea9236c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9de5100f2397164b26d5d029ef38f587b1ee8eae89a87a7ca1dbdb3a237b1a9e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47012D71E00119ABCB04EF99D891BEEBBB5FF49314F10412EF556A3281D7785A44CB94
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040AE44
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040BA9A: __EH_prolog.LIBCMT ref: 0040BA9F
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(0000044F,00000000,?,?,00406D71,00000003,00000000,0000044F,?,00000000,00000000,00406C10,?,00000400,00000000,00000000), ref: 004209C8
                                                                                                                                                                                                                  • Part of subcall function 0042093B: CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?), ref: 00420971
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateDriveFileType
                                                                                                                                                                                                                • String ID: :$\
                                                                                                                                                                                                                • API String ID: 3443067566-1166558509
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00401504
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,74DF2EE0,?,0041FD71,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040156A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                                                • String ID: tdC
                                                                                                                                                                                                                • API String ID: 1057991267-1123919639
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00418351
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004183B2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                                                • String ID: tdC
                                                                                                                                                                                                                • API String ID: 1057991267-1123919639
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004183CE
                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 0041842F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                                                • String ID: tdC
                                                                                                                                                                                                                • API String ID: 1057991267-1123919639
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0041A93E
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: __EH_prolog.LIBCMT ref: 00403B32
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: GetLastError.KERNEL32(?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403B5A
                                                                                                                                                                                                                  • Part of subcall function 00403B2D: SetLastError.KERNEL32(?,?,00000000,00000000,?,00000104,00000000,?,00402244,?,00000000,02151168,00000000), ref: 00403BA7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 2881783280-2508346183
                                                                                                                                                                                                                • Opcode ID: 263b45e33c08fbedf47fd16caeed62215be697befb0e1f4dc9e477ab3fb34d7a
                                                                                                                                                                                                                • Instruction ID: 0edc7260ceb2312f7bc4674e3df4cda40b2127530431ca00be17397fed7a48da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 263b45e33c08fbedf47fd16caeed62215be697befb0e1f4dc9e477ab3fb34d7a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A01A2B1A00300EFC310DF59C841B99BBB8FF59759F10862FE1856B282C3B9A901CB5C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00401FE2
                                                                                                                                                                                                                  • Part of subcall function 00402375: __EH_prolog.LIBCMT ref: 0040237A
                                                                                                                                                                                                                  • Part of subcall function 004025BC: __EH_prolog.LIBCMT ref: 004025C1
                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00442430,?,00000400,0000000A,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}), ref: 0040201F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}, xrefs: 00401FEA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: H_prolog$lstrlen
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B}
                                                                                                                                                                                                                • API String ID: 3243491680-2458444898
                                                                                                                                                                                                                • Opcode ID: fcc9302376ed615e3f06203a8d169f2937e8e301ad6cfab5676a110c70419744
                                                                                                                                                                                                                • Instruction ID: 67af6ce5f0d8ee3eb0e9c197428977594d579b92a2aa7334592d32d1a3883eba
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fcc9302376ed615e3f06203a8d169f2937e8e301ad6cfab5676a110c70419744
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20015E71A00214EACB15EFA5D905BDEBB34EF18754F10C12BF911761D1D7B94A04CB58
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00418A44
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: __EH_prolog.LIBCMT ref: 0040B652
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: GetLastError.KERNEL32(00436474,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B67A
                                                                                                                                                                                                                  • Part of subcall function 0040B64D: SetLastError.KERNEL32(?,?,00000000,00000000,?,0043647C,?,0040AF26,?,00000000,00000001,?,00000000), ref: 0040B6C7
                                                                                                                                                                                                                  • Part of subcall function 0040191F: GetLastError.KERNEL32(02151168,00000000,0041E21A,removeasmajorupgrade,00000000,00000000,00000001,?,?,00000000,reboot,00000000,00000000,00000000,runfromtemp,00000000), ref: 00401935
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SysFreeString.OLEAUT32(?), ref: 00401953
                                                                                                                                                                                                                  • Part of subcall function 0040191F: SetLastError.KERNEL32(?,00000001,?,00000000), ref: 00401973
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast$H_prolog$FreeString
                                                                                                                                                                                                                • String ID: tdC$|dC
                                                                                                                                                                                                                • API String ID: 3800368667-2508346183
                                                                                                                                                                                                                • Opcode ID: fef27b64c982a60b77faf457629fa501110ed1f6c9690ceb78a6f51dbbc2df8c
                                                                                                                                                                                                                • Instruction ID: 69e3924d612c7ef8779b48dcdf7b136d82b49f5f74da0cec4090a5d861999f35
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fef27b64c982a60b77faf457629fa501110ed1f6c9690ceb78a6f51dbbc2df8c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BF01D72D00109DFCB04DF99C9519DEBBB8EF99318F10412BE451B2191D7745F05CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 004204D4: wsprintfA.USER32 ref: 004204E6
                                                                                                                                                                                                                  • Part of subcall function 004204D4: LoadStringA.USER32(?,?,?), ref: 00420511
                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00420493
                                                                                                                                                                                                                • wvsprintfA.USER32(?,?,?), ref: 004204AE
                                                                                                                                                                                                                  • Part of subcall function 0042027C: __EH_prolog.LIBCMT ref: 00420281
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wsprintf$H_prologLoadStringwvsprintf
                                                                                                                                                                                                                • String ID: %d: %s
                                                                                                                                                                                                                • API String ID: 2226253583-204819183
                                                                                                                                                                                                                • Opcode ID: 4fc894be5b05215798529dd5ec7e1bd0f694879f3908cd3d13c7ea0eb2295e2b
                                                                                                                                                                                                                • Instruction ID: b21bb332237c11868d2d513a136e1dd9fa04a681cdbf1b0ff5784d441641571e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fc894be5b05215798529dd5ec7e1bd0f694879f3908cd3d13c7ea0eb2295e2b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2EF0D07290021DBBDF11ABA4DC46FDA77BCAB08314F4081E6B705E6091EA75D7588FD4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 0040A90A
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040A914
                                                                                                                                                                                                                  • Part of subcall function 004016F0: lstrlenW.KERNEL32(00436494,74DF34C0,74DF2EE0,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003,00000000,00000003,00000080), ref: 00401743
                                                                                                                                                                                                                  • Part of subcall function 004016F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00436494,000000FF,?,00000002,00000000,00000000,?,0041FD7B,?,?,00000001,?,80000000,00000003), ref: 0040176B
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wsprintfA.USER32 ref: 00420493
                                                                                                                                                                                                                  • Part of subcall function 0042045D: wvsprintfA.USER32(?,?,?), ref: 004204AE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressByteCharErrorLastMultiProcWidelstrlenwsprintfwvsprintf
                                                                                                                                                                                                                • String ID: RunISMSISetup
                                                                                                                                                                                                                • API String ID: 834041595-1536503584
                                                                                                                                                                                                                • Opcode ID: ba5ed832308c704d68d47ecad04e6d25704d60e135ba702c82f079d91d6cc2d0
                                                                                                                                                                                                                • Instruction ID: 189dd3c9ebe406b227483d4e7afd61c4877c0a8b417075c182ddb418031b3845
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba5ed832308c704d68d47ecad04e6d25704d60e135ba702c82f079d91d6cc2d0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DE026723002013BEB406BA9FC09F1B66DDABE4751F06853BB100D21E2DEBAC450862D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RaiseException.KERNEL32({mB,00000000,?,00436FFC,00000000,invalid string position,00426D7B,00000000,0043B530,?,invalid string position), ref: 0042931A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                • String ID: invalid string position${mB
                                                                                                                                                                                                                • API String ID: 3997070919-210406068
                                                                                                                                                                                                                • Opcode ID: 213c3d11ada611903d317cea82785d1ebbc25234b23a3883fce79447d404e764
                                                                                                                                                                                                                • Instruction ID: 89ad06c49c8ceb42e11442123743c1fee4f871a630eb713510b92808756806c9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 213c3d11ada611903d317cea82785d1ebbc25234b23a3883fce79447d404e764
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3E0C276D00118ABCF11DF99D8448DFBBB9FB49310F008066FA14A7250D675AA15DBA0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00408BB3
                                                                                                                                                                                                                  • Part of subcall function 00408D39: __EH_prolog.LIBCMT ref: 00408D3E
                                                                                                                                                                                                                  • Part of subcall function 00408D39: GetLastError.KERNEL32(?,00000000,?,00408BE1,00000000,?,?,?,00408204,?,?), ref: 00408D6A
                                                                                                                                                                                                                  • Part of subcall function 00408D39: SetLastError.KERNEL32(?,?,00000000,?,00408BE1,00000000,?,?,?,00408204,?,?), ref: 00408DA0
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                                                • String ID: 0eC$8eC
                                                                                                                                                                                                                • API String ID: 1057991267-2148713941
                                                                                                                                                                                                                • Opcode ID: b3aa60c2f6bc64c1c7e83af34da1d4dc78ff895105e20173d77323f9ec949c22
                                                                                                                                                                                                                • Instruction ID: f3aa5d847be860d488a9080714b721ef66f797669a23cb03341e87fc187a953d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3aa60c2f6bc64c1c7e83af34da1d4dc78ff895105e20173d77323f9ec949c22
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DE065B2610611BBC7149F4DA40174AFBF4EF85725F50C61F915597680C7F85905CB64
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,00000000,00000000,0042BDA9,00000000,00000000,00000000,00427B05,00000000,00000000,?,00000000,00000000,00000000), ref: 0042C009
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0042BDA9,00000000,00000000,00000000,00427B05,00000000,00000000,?,00000000,00000000,00000000), ref: 0042C03D
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0042C057
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 0042C06E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3499195154-0
                                                                                                                                                                                                                • Opcode ID: fb2d45dc5e7a689f362c032790783421a09030d1a23f9c45e20f115d5fee699f
                                                                                                                                                                                                                • Instruction ID: b1c3c1f9c8a42d4823e600ca0c59d2bb66a223fb317fd7d2f77be42cdab14fc9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb2d45dc5e7a689f362c032790783421a09030d1a23f9c45e20f115d5fee699f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71118C34200311EFD7208F68ECC49267BB5FB873107528669F2A2C36B0CB71A815DF09
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?,74DE8B60,?,00000000), ref: 00420A29
                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00420A42
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 00420A5F
                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,00000000), ref: 00420A65
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcpy$CharNext
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3801418090-0
                                                                                                                                                                                                                • Opcode ID: 0c95d8e512be1591f39e4e4d5209e5fa10a167b12701b879d34eee1713077716
                                                                                                                                                                                                                • Instruction ID: b66b5ef3bd2c6a807e2a13699375af3b32bbff36333e851d1510f25ddf115b54
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c95d8e512be1591f39e4e4d5209e5fa10a167b12701b879d34eee1713077716
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E01D6767003296ADB119664AC40FAB3FEC9B40354F940067B704D2191DA78CD418BA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CharNextA.USER32(?,00000000,75BF3530,00420CA1,00000104,00420B1C,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420CBB
                                                                                                                                                                                                                • CharNextA.USER32(?,00000000,75BF3530,00420CA1,00000104,00420B1C,?,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420CD5
                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420CDD
                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,00401E26,?,C:\Users\user\AppData\Local\Temp\{8929CE83-143A-4A6A-A32A-AA9D4E2B602B},?,?,?,00000104), ref: 00420CE2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3213498283-0
                                                                                                                                                                                                                • Opcode ID: aa0d378638837d90e1ed184b6c5803bc4aa9c99046c41d95c7bbb2196ab1612e
                                                                                                                                                                                                                • Instruction ID: 4a4bcce4f00baf5a8eb1816147accbe9e1ce02f4e722cdc25c13635c88f0fe02
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa0d378638837d90e1ed184b6c5803bc4aa9c99046c41d95c7bbb2196ab1612e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DF096E1A845A63CE72A022ABC847A75FC55B87310F950157D581D3257C7AC4C83876B
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                                • Opcode ID: 973423223f8db1b3dd126d3fa034a3253b6e9574ef644ac6be8210035cb1157b
                                                                                                                                                                                                                • Instruction ID: 8a6d3a59ea1779c3871547816bf13e752934ac025b526a14b63e7f670cde6a04
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 973423223f8db1b3dd126d3fa034a3253b6e9574ef644ac6be8210035cb1157b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7FF0823130063157DA217F15E80465FA654EFD1B11BA6842BDC0197251CB7D9843556D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,0042AA12,?,004299DC), ref: 0042B6D8
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,0042AA12,?,004299DC), ref: 0042B6E0
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,0042AA12,?,004299DC), ref: 0042B6E8
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,0042AA12,?,004299DC), ref: 0042B6F0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1843354526.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1843323542.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843399289.0000000000436000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843428963.000000000043D000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843453462.000000000043F000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000441000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843485231.0000000000444000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.1843554992.0000000000447000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_SweetIMSetup.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalInitializeSection
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 32694325-0
                                                                                                                                                                                                                • Opcode ID: e6e2bee7fd24386475d66461fecf64163ab64661aee87027dfbd6cf9e340ad78
                                                                                                                                                                                                                • Instruction ID: ff29326827c866b612dfd583c42f224a55d16067aa91b5a305fe8cdc9d3ee7f4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6e2bee7fd24386475d66461fecf64163ab64661aee87027dfbd6cf9e340ad78
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3C00231C00035ABCA1E3B66FE05C4A3FA6EB042A03096073E5085143087211C18DFD8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:2.5%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                Total number of Nodes:1589
                                                                                                                                                                                                                Total number of Limit Nodes:19
6600 40a72f 6593->6600 6594->6593 6596 409363 EnterCriticalSection 6595->6596 6597 409358 6595->6597 6596->6593 6598 404afe __lock 36 API calls 6597->6598 6599 409361 6598->6599 6599->6593 6606 4093a1 6600->6606 6602 40a73d 6602->6593 6612 404a49 LeaveCriticalSection 6603->6612 6605 40a762 6605->6591 6607 4093b5 LeaveCriticalSection 6606->6607 6608 4093aa 6606->6608 6607->6602 6611 404a49 LeaveCriticalSection 6608->6611 6610 4093b3 6610->6602 6611->6610 6612->6605 6614 409344 EnterCriticalSection 6613->6614 6615 40932d 6613->6615 6614->6577 6615->6614 6616 409334 6615->6616 6617 404afe __lock 36 API calls 6616->6617 6618 409342 6617->6618 6618->6577 6620 40aae4 6619->6620 6621 40ab01 6619->6621 6632 40a604 6620->6632 6629 40ab6a 6621->6629 6627 40aafa 6627->6621 6628 40396d ___free_lc_time 36 API calls 6627->6628 6628->6621 6779 409372 6629->6779 6631 40ab70 6631->6578 6633 40a619 6632->6633 6635 40a635 6632->6635 6633->6635 6656 4091b8 6633->6656 6636 40ad4c 6635->6636 6637 40aaf2 6636->6637 6638 40ad58 6636->6638 6640 40acb1 6637->6640 6638->6637 6639 40396d ___free_lc_time 36 API calls 6638->6639 6639->6637 6641 40acbd __lock 6640->6641 6642 40ad30 6641->6642 6644 40ace8 6641->6644 6643 40762b __lock 36 API calls 6642->6643 6645 40ad35 6643->6645 6646 40a424 37 API calls 6644->6646 6647 407634 36 API calls 6645->6647 6648 40acee 6646->6648 6653 40ad20 __lock 6647->6653 6649 40ad08 6648->6649 6650 40acfc 6648->6650 6652 40762b __lock 36 API calls 6649->6652 6751 40ac2e 6650->6751 6654 40ad02 6652->6654 6653->6627 6766 40ad28 6654->6766 6657 4091c4 __lock 6656->6657 6658 409247 6657->6658 6660 4091ef 6657->6660 6659 40762b __lock 36 API calls 6658->6659 6661 40924c 6659->6661 6674 40a424 6660->6674 6663 407634 36 API calls 6661->6663 6669 409237 __lock 6663->6669 6664 4091f5 6665 409203 6664->6665 6666 409217 6664->6666 6683 408ffc 6665->6683 6668 40762b __lock 36 API calls 6666->6668 6671 40921c 6668->6671 6669->6635 6670 40920f 6709 40923f 6670->6709 6706 407634 
6671->6706 6675 40a430 __lock 6674->6675 6676 40a492 EnterCriticalSection 6675->6676 6677 404afe __lock 36 API calls 6675->6677 6682 40a475 __lock 6676->6682 6678 40a458 6677->6678 6679 40a46f 6678->6679 6680 4075a0 __lock 2 API calls 6678->6680 6679->6682 6712 40a4bb 6679->6712 6680->6679 6682->6664 6684 409038 6683->6684 6702 409031 6683->6702 6685 409071 6684->6685 6716 40a4e6 6684->6716 6688 409110 WriteFile 6685->6688 6701 409084 6685->6701 6686 407c25 _fast_error_exit 36 API calls 6689 4091b0 6686->6689 6690 409134 GetLastError 6688->6690 6691 40910e 6688->6691 6689->6670 6690->6691 6692 409170 6691->6692 6695 409149 6691->6695 6691->6702 6693 40762b __lock 36 API calls 6692->6693 6692->6702 6694 40918a 6693->6694 6697 407634 36 API calls 6694->6697 6698 409151 6695->6698 6699 409165 6695->6699 6696 4090d5 WriteFile 6696->6690 6696->6701 6697->6702 6703 40762b __lock 36 API calls 6698->6703 6726 40763d 6699->6726 6701->6691 6701->6692 6701->6696 6702->6686 6704 409156 6703->6704 6705 407634 36 API calls 6704->6705 6705->6702 6707 404451 __lock 36 API calls 6706->6707 6708 407639 6707->6708 6708->6670 6750 40a4c4 LeaveCriticalSection 6709->6750 6711 409245 6711->6669 6715 404a49 LeaveCriticalSection 6712->6715 6714 40a4c2 6714->6676 6715->6714 6743 40a3e3 6716->6743 6718 40a502 6719 40a517 SetFilePointer 6718->6719 6720 40a50a 6718->6720 6722 40a52f GetLastError 6719->6722 6724 40a50f 6719->6724 6721 40762b __lock 36 API calls 6720->6721 6721->6724 6723 40a539 6722->6723 6722->6724 6725 40763d 36 API calls 6723->6725 6724->6685 6725->6724 6727 404451 __lock 36 API calls 6726->6727 6728 407643 6727->6728 6729 407673 6728->6729 6730 40765b 6728->6730 6731 404451 __lock 36 API calls 6729->6731 6733 407684 6730->6733 6735 407665 6730->6735 6732 407678 6731->6732 6732->6702 6734 4076a2 6733->6734 6736 407694 6733->6736 6737 404451 __lock 36 API calls 6734->6737 6738 404451 __lock 36 API calls 6735->6738 6739 404451 __lock 36 API calls 6736->6739 6740 4076a7 
6737->6740 6741 40766a 6738->6741 6742 407699 6739->6742 6740->6702 6741->6702 6742->6702 6744 40a3ef 6743->6744 6745 40a40a 6744->6745 6746 40762b __lock 36 API calls 6744->6746 6745->6718 6747 40a412 6746->6747 6748 407634 36 API calls 6747->6748 6749 40a41d 6748->6749 6749->6718 6750->6711 6752 40a3e3 36 API calls 6751->6752 6753 40ac3a 6752->6753 6754 40ac7c 6753->6754 6756 40ac5a 6753->6756 6757 40a3e3 36 API calls 6753->6757 6769 40a364 6754->6769 6756->6754 6758 40a3e3 36 API calls 6756->6758 6760 40ac51 6757->6760 6762 40ac66 CloseHandle 6758->6762 6761 40a3e3 36 API calls 6760->6761 6761->6756 6762->6754 6764 40ac72 GetLastError 6762->6764 6763 40aca6 6763->6654 6764->6754 6765 40763d 36 API calls 6765->6763 6778 40a4c4 LeaveCriticalSection 6766->6778 6768 40ad2e 6768->6653 6770 40a372 6769->6770 6771 40a3ca 6769->6771 6770->6771 6777 40a398 6770->6777 6772 40762b __lock 36 API calls 6771->6772 6773 40a3cf 6772->6773 6774 407634 36 API calls 6773->6774 6775 40a3c0 6774->6775 6775->6763 6775->6765 6776 40a3ba SetStdHandle 6776->6775 6777->6775 6777->6776 6778->6768 6780 409396 LeaveCriticalSection 6779->6780 6781 40937f 6779->6781 6780->6631 6781->6780 6782 409386 6781->6782 6785 404a49 LeaveCriticalSection 6782->6785 6784 409394 6784->6631 6785->6784 6786->6584 6335 40474e 6338 4046f8 __lock 6335->6338 6336 404718 6337 404edf _fast_error_exit 36 API calls 6336->6337 6339 40757f 6337->6339 6338->6336 6341 404451 __lock 36 API calls 6338->6341 6347 409493 6339->6347 6343 404709 6341->6343 6342 407586 6344 404eb0 _fast_error_exit 36 API calls 6342->6344 6343->6336 6346 404451 __lock 36 API calls 6343->6346 6345 40758f InitializeCriticalSection 6344->6345 6346->6336 6349 40949f __lock 6347->6349 6348 4094b9 6351 404eb0 _fast_error_exit 36 API calls 6348->6351 6352 409541 6348->6352 6356 4094c6 __lock 6348->6356 6349->6348 6350 404451 __lock 36 API calls 6349->6350 6350->6348 6351->6352 6353 404afe __lock 36 API calls 6352->6353 6354 40954c 6352->6354 
6353->6354 6357 4095ce 6354->6357 6356->6342 6358 4095d3 6357->6358 6359 4095d9 6357->6359 6361 404a49 LeaveCriticalSection 6358->6361 6359->6356 6361->6359 5462 403690 5463 40369c __lock _fast_error_exit 5462->5463 5464 4036a8 GetVersionExA 5463->5464 5465 4036f0 GetModuleHandleA 5464->5465 5466 4036e4 5464->5466 5469 40370c 5465->5469 5466->5465 5468 40375e 5470 40376a 5468->5470 5597 40366c 5468->5597 5514 4058e8 HeapCreate 5469->5514 5605 404609 5470->5605 5473 403770 5474 403774 5473->5474 5475 40377c 5473->5475 5476 40366c _fast_error_exit 36 API calls 5474->5476 5522 405648 5475->5522 5477 40377b 5476->5477 5477->5475 5480 403795 GetCommandLineA 5537 405526 5480->5537 5481 40378d 5623 403647 5481->5623 5487 4037af 5488 4037b3 5487->5488 5489 4037bb 5487->5489 5490 403647 __lock 36 API calls 5488->5490 5560 405251 5489->5560 5492 4037ba 5490->5492 5492->5489 5494 4037c4 5496 403647 __lock 36 API calls 5494->5496 5495 4037cc 5572 404d72 5495->5572 5498 4037cb 5496->5498 5498->5495 5500 4037e2 GetStartupInfoA 5576 4051f4 5500->5576 5501 4037db 5502 403647 __lock 36 API calls 5501->5502 5504 4037e1 5502->5504 5504->5500 5505 4037f4 5506 4037fd 5505->5506 5507 403806 GetModuleHandleA 5506->5507 5580 401bf0 5507->5580 5509 403814 5510 403824 5509->5510 5594 404e9f 5509->5594 5636 404ec1 5510->5636 5513 403829 __lock 5515 405932 5514->5515 5516 405908 5514->5516 5515->5468 5517 405935 5516->5517 5518 405917 5516->5518 5517->5468 5639 40641e HeapAlloc 5518->5639 5521 405926 HeapDestroy 5521->5515 5641 403a85 5522->5641 5525 40569d GetStartupInfoA 5526 4057a0 5525->5526 5534 4056b7 5525->5534 5527 405830 SetHandleCount 5526->5527 5528 4057cf GetStdHandle 5526->5528 5529 403789 5526->5529 5535 4075a0 __lock 2 API calls 5526->5535 5527->5529 5528->5526 5530 4057dd GetFileType 5528->5530 5529->5480 5529->5481 5530->5526 5531 403a85 __lock 36 API calls 5531->5534 5532 40574e GetFileType 5536 405728 5532->5536 5534->5526 5534->5531 5534->5536 5535->5526 5536->5526 
5536->5529 5536->5532 5644 4075a0 5536->5644 5538 405542 GetEnvironmentStringsW 5537->5538 5539 405561 5537->5539 5541 40554a 5538->5541 5542 405556 GetLastError 5538->5542 5540 4055f1 5539->5540 5539->5541 5543 4055fd GetEnvironmentStrings 5540->5543 5545 4037a5 5540->5545 5544 405578 GetEnvironmentStringsW 5541->5544 5548 405580 5541->5548 5542->5539 5543->5545 5546 405609 5543->5546 5544->5545 5544->5548 5629 405484 5545->5629 5551 403a85 __lock 36 API calls 5546->5551 5547 405595 WideCharToMultiByte 5549 4055b4 5547->5549 5550 4055e6 FreeEnvironmentStringsW 5547->5550 5548->5547 5548->5548 5552 403a85 __lock 36 API calls 5549->5552 5550->5545 5559 405622 5551->5559 5553 4055ba 5552->5553 5553->5550 5554 4055c3 WideCharToMultiByte 5553->5554 5556 4055dd 5554->5556 5557 4055d4 5554->5557 5555 405638 FreeEnvironmentStringsA 5555->5545 5556->5550 5558 40396d ___free_lc_time 36 API calls 5557->5558 5558->5556 5559->5555 5561 40525e 5560->5561 5565 405263 _strlen 5560->5565 5760 40755a 5561->5760 5563 403a85 __lock 36 API calls 5570 405294 _strcat _strlen 5563->5570 5564 4037c0 5564->5494 5564->5495 5565->5563 5565->5564 5566 4052dd 5567 40396d ___free_lc_time 36 API calls 5566->5567 5567->5564 5568 403a85 __lock 36 API calls 5568->5570 5569 405302 5571 40396d ___free_lc_time 36 API calls 5569->5571 5570->5564 5570->5566 5570->5568 5570->5569 5571->5564 5574 404d7b 5572->5574 5575 4037d3 5574->5575 5973 4079b9 5574->5973 5575->5500 5575->5501 5577 405200 5576->5577 5578 405205 __wincmdln 5576->5578 5579 40755a ___initmbctable 65 API calls 5577->5579 5578->5505 5579->5578 5581 401c02 5580->5581 5591 401d13 ctype 5580->5591 5581->5591 6035 402260 5581->6035 5583 401c33 6042 401880 5583->6042 5585 401c61 6052 4029b0 5585->6052 5587 401c76 ctype 5587->5591 6060 401680 5587->6060 5589 401cc3 5590 401680 37 API calls 5589->5590 5592 401ce4 5590->5592 5591->5509 5592->5591 6074 401000 InternetGetCookieW 5592->6074 5595 404ddc _fast_error_exit 36 API calls 5594->5595 5596 
404eac 5595->5596 5596->5510 5598 403675 5597->5598 5599 40367a 5597->5599 6252 405057 5598->6252 6258 404edf 5599->6258 5603 404d18 _fast_error_exit 3 API calls 5604 40368d 5603->5604 5604->5470 6269 4049ab 5605->6269 5608 404612 6273 404434 5608->6273 5609 40461a GetModuleHandleA 5611 404698 FlsAlloc 5609->5611 5612 40462d GetProcAddress GetProcAddress GetProcAddress GetProcAddress 5609->5612 5615 4046ad 5611->5615 5616 4046ee 5611->5616 5612->5611 5614 404670 5612->5614 5614->5611 5617 406fac __lock 36 API calls 5615->5617 5618 404434 39 API calls 5616->5618 5620 4046bb 5617->5620 5619 4046f3 5618->5619 5619->5473 5620->5616 5621 4046c3 FlsSetValue 5620->5621 5621->5616 5622 4046d4 GetCurrentThreadId 5621->5622 5622->5619 5624 403650 5623->5624 5625 403655 5623->5625 5626 405057 _fast_error_exit 36 API calls 5624->5626 5627 404edf _fast_error_exit 36 API calls 5625->5627 5626->5625 5628 40365e 5627->5628 5628->5480 5630 405496 5629->5630 5631 40549b GetModuleFileNameA 5629->5631 5632 40755a ___initmbctable 65 API calls 5630->5632 5633 4054c3 5631->5633 5632->5631 5634 403a85 __lock 36 API calls 5633->5634 5635 4054ee 5634->5635 5635->5487 5637 404ddc _fast_error_exit 36 API calls 5636->5637 5638 404ecc 5637->5638 5638->5513 5640 405921 5639->5640 5640->5517 5640->5521 5649 403a59 5641->5649 5645 4075ac __lock 5644->5645 5646 4075e2 __lock 5645->5646 5647 4075be GetModuleHandleA 5645->5647 5646->5536 5647->5646 5648 4075cd GetProcAddress 5647->5648 5648->5646 5650 403a82 5649->5650 5652 403a60 __lock 5649->5652 5650->5525 5650->5529 5652->5650 5653 4039de 5652->5653 5655 4039ea __lock 5653->5655 5654 403a1d 5657 403a38 HeapAlloc 5654->5657 5658 403a47 __lock 5654->5658 5655->5654 5663 404afe 5655->5663 5657->5658 5658->5652 5659 403a05 5670 406c45 5659->5670 5664 404b11 5663->5664 5665 404b24 EnterCriticalSection 5663->5665 5679 404a5e 5664->5679 5665->5659 5667 404b17 5667->5665 5668 403647 __lock 35 API calls 5667->5668 5669 404b23 5668->5669 5669->5665 5672 
406c77 5670->5672 5671 406d9a 5675 403a10 5671->5675 5755 406860 5671->5755 5672->5671 5672->5675 5747 4067a9 5672->5747 5676 403a50 5675->5676 5759 404a49 LeaveCriticalSection 5676->5759 5678 403a57 5678->5654 5680 404a6a __lock 5679->5680 5681 403a85 __lock 36 API calls 5680->5681 5683 404a8d __lock 5680->5683 5682 404a81 5681->5682 5684 404a95 5682->5684 5685 404a88 5682->5685 5683->5667 5687 404afe __lock 36 API calls 5684->5687 5700 40762b 5685->5700 5688 404a9c 5687->5688 5689 404aa4 5688->5689 5690 404adc 5688->5690 5692 4075a0 __lock 2 API calls 5689->5692 5691 40396d ___free_lc_time 36 API calls 5690->5691 5693 404ad8 5691->5693 5694 404aaf 5692->5694 5713 404af5 5693->5713 5694->5693 5695 404ab5 5694->5695 5703 40396d 5695->5703 5698 404abb 5699 40762b __lock 36 API calls 5698->5699 5699->5683 5716 404451 GetLastError FlsGetValue 5700->5716 5702 407630 5702->5683 5705 403979 __lock 5703->5705 5704 4039d8 __lock 5704->5698 5705->5704 5707 404afe __lock 35 API calls 5705->5707 5712 4039b5 5705->5712 5706 4039ca HeapFree 5706->5704 5708 403990 ___free_lc_time 5707->5708 5709 4039aa 5708->5709 5736 406491 5708->5736 5742 4039c0 5709->5742 5712->5704 5712->5706 5746 404a49 LeaveCriticalSection 5713->5746 5715 404afc 5715->5683 5717 4044b6 SetLastError 5716->5717 5718 40446d 5716->5718 5717->5702 5726 406fac 5718->5726 5720 404479 5721 404481 FlsSetValue 5720->5721 5722 4044ae 5720->5722 5721->5722 5723 404492 GetCurrentThreadId 5721->5723 5724 403647 __lock 31 API calls 5722->5724 5723->5717 5725 4044b5 5724->5725 5725->5717 5732 406fb8 __lock ___initmbctable 5726->5732 5727 40703e HeapAlloc 5727->5732 5728 406fcb __lock 5728->5720 5729 404afe __lock 35 API calls 5729->5732 5730 406c45 __lock 5 API calls 5730->5732 5732->5727 5732->5728 5732->5729 5732->5730 5733 407072 5732->5733 5734 404a49 ctype LeaveCriticalSection 5733->5734 5735 407079 5734->5735 5735->5732 5738 4064ce 5736->5738 5741 406774 __shift 5736->5741 5737 4066ba VirtualFree 5739 40671e 
5737->5739 5738->5737 5738->5741 5740 40672d VirtualFree HeapFree 5739->5740 5739->5741 5740->5741 5741->5709 5745 404a49 LeaveCriticalSection 5742->5745 5744 4039c7 5744->5712 5745->5744 5746->5715 5748 4067bb HeapReAlloc 5747->5748 5749 4067ef HeapAlloc 5747->5749 5750 4067da 5748->5750 5751 4067de 5748->5751 5752 406816 5749->5752 5753 40681a VirtualAlloc 5749->5753 5750->5671 5751->5749 5752->5671 5753->5752 5754 406834 HeapFree 5753->5754 5754->5752 5756 406875 VirtualAlloc 5755->5756 5758 4068bc 5756->5758 5758->5675 5759->5678 5761 407563 5760->5761 5762 40756a 5760->5762 5764 40740a 5761->5764 5762->5565 5765 407416 __lock 5764->5765 5766 404afe __lock 36 API calls 5765->5766 5767 407421 5766->5767 5768 407435 GetOEMCP 5767->5768 5769 407447 5767->5769 5771 40745e 5768->5771 5770 40744c GetACP 5769->5770 5769->5771 5770->5771 5772 407539 5771->5772 5773 403a85 __lock 36 API calls 5771->5773 5775 40749c 5771->5775 5788 407551 5772->5788 5773->5775 5779 4074ae 5775->5779 5780 407276 5775->5780 5776 407548 __lock 5776->5762 5778 40396d ___free_lc_time 36 API calls 5778->5772 5779->5772 5779->5778 5781 407296 5780->5781 5784 4072c1 ___initmbctable 5780->5784 5782 4072ad GetCPInfo 5781->5782 5781->5784 5782->5784 5785 4073f4 5784->5785 5791 4070db GetCPInfo 5784->5791 5801 407c25 5785->5801 5972 404a49 LeaveCriticalSection 5788->5972 5790 407558 5790->5776 5796 407115 5791->5796 5800 4071d4 5791->5800 5793 407188 5830 406048 5793->5830 5795 407c25 _fast_error_exit 36 API calls 5798 40726e 5795->5798 5807 407fbd 5796->5807 5797 4071ac 5799 406048 ___initmbctable 61 API calls 5797->5799 5798->5785 5799->5800 5800->5795 5802 407408 5801->5802 5803 407bf4 __lock 5801->5803 5802->5779 5935 40989a 5803->5935 5808 407fc9 __lock 5807->5808 5809 407fd3 GetStringTypeW 5808->5809 5810 407feb 5808->5810 5809->5810 5811 407ff3 GetLastError 5809->5811 5812 408100 5810->5812 5813 40801e 5810->5813 5811->5810 5876 408cf8 GetLocaleInfoA 5812->5876 5815 40803a MultiByteToWideChar 
5813->5815 5817 4080fa __lock 5813->5817 5815->5817 5824 408068 ___initmbctable _fast_error_exit 5815->5824 5817->5793 5818 40814c GetStringTypeA 5818->5817 5820 408165 5818->5820 5822 40396d ___free_lc_time 36 API calls 5820->5822 5821 408140 5821->5817 5821->5818 5822->5817 5823 4080c6 MultiByteToWideChar 5826 4080dd GetStringTypeW 5823->5826 5827 4080ee 5823->5827 5824->5823 5825 406fac __lock 36 API calls 5824->5825 5829 4080b7 5825->5829 5826->5827 5827->5817 5828 40396d ___free_lc_time 36 API calls 5827->5828 5828->5817 5829->5817 5829->5823 5831 406054 __lock 5830->5831 5832 40605e LCMapStringW 5831->5832 5835 406079 5831->5835 5833 406081 GetLastError 5832->5833 5832->5835 5833->5835 5834 4062a0 5837 408cf8 ___initmbctable 50 API calls 5834->5837 5835->5834 5836 4060cc 5835->5836 5838 4060ed MultiByteToWideChar 5836->5838 5863 406298 __lock 5836->5863 5839 4062cd 5837->5839 5840 40611b _fast_error_exit 5838->5840 5838->5863 5841 4062e6 5839->5841 5842 4063d8 LCMapStringA 5839->5842 5839->5863 5844 40617a MultiByteToWideChar 5840->5844 5848 403a85 __lock 36 API calls 5840->5848 5843 408d3f ___initmbctable 43 API calls 5841->5843 5846 4063d5 5842->5846 5847 4062f8 5843->5847 5849 406197 LCMapStringW 5844->5849 5850 40627d 5844->5850 5845 4063ff 5859 40396d ___free_lc_time 36 API calls 5845->5859 5845->5863 5846->5845 5851 40396d ___free_lc_time 36 API calls 5846->5851 5852 406302 LCMapStringA 5847->5852 5847->5863 5853 406167 5848->5853 5849->5850 5854 4061b6 5849->5854 5855 40628a 5850->5855 5858 40396d ___free_lc_time 36 API calls 5850->5858 5851->5845 5856 40639c 5852->5856 5866 406321 ___initmbctable _fast_error_exit 5852->5866 5853->5844 5853->5863 5857 4061bc 5854->5857 5864 4061e9 _fast_error_exit 5854->5864 5860 40396d ___free_lc_time 36 API calls 5855->5860 5855->5863 5856->5846 5861 40396d ___free_lc_time 36 API calls 5856->5861 5857->5850 5862 4061ce LCMapStringW 5857->5862 5858->5855 5859->5863 5860->5863 5861->5846 5862->5850 5863->5797 5865 
406244 LCMapStringW 5864->5865 5869 403a85 __lock 36 API calls 5864->5869 5865->5850 5868 40625c WideCharToMultiByte 5865->5868 5867 40637f LCMapStringA 5866->5867 5871 403a85 __lock 36 API calls 5866->5871 5867->5856 5872 4063a0 5867->5872 5868->5850 5870 406235 5869->5870 5870->5850 5870->5865 5875 406364 ___initmbctable 5871->5875 5874 408d3f ___initmbctable 43 API calls 5872->5874 5874->5856 5875->5856 5875->5867 5877 408d24 5876->5877 5878 408d29 5876->5878 5880 407c25 _fast_error_exit 36 API calls 5877->5880 5908 409a3e 5878->5908 5881 408120 5880->5881 5881->5817 5881->5818 5882 408d3f 5881->5882 5883 408d4b __lock 5882->5883 5884 408d83 GetCPInfo 5883->5884 5900 408e91 5883->5900 5885 408d92 5884->5885 5887 408da9 _strlen 5884->5887 5886 408d98 GetCPInfo 5885->5886 5885->5887 5886->5887 5889 408dd9 MultiByteToWideChar 5887->5889 5894 408df3 ___initmbctable _fast_error_exit 5887->5894 5888 40396d ___free_lc_time 36 API calls 5891 408e4b 5888->5891 5889->5891 5889->5894 5890 407c25 _fast_error_exit 36 API calls 5892 408f13 __lock 5890->5892 5891->5890 5892->5821 5893 408e59 MultiByteToWideChar 5896 408e74 5893->5896 5893->5900 5894->5893 5895 406fac __lock 36 API calls 5894->5895 5897 408e43 5895->5897 5898 408e99 5896->5898 5899 408e79 WideCharToMultiByte 5896->5899 5897->5891 5897->5893 5901 408eb4 5898->5901 5902 408e9e WideCharToMultiByte 5898->5902 5899->5900 5900->5888 5900->5891 5903 406fac __lock 36 API calls 5901->5903 5902->5900 5902->5901 5904 408ebc 5903->5904 5904->5900 5905 408ec5 WideCharToMultiByte 5904->5905 5905->5900 5906 408ed9 5905->5906 5907 40396d ___free_lc_time 36 API calls 5906->5907 5907->5900 5909 404451 __lock 36 API calls 5908->5909 5910 409a45 5909->5910 5913 409a55 5910->5913 5915 405b85 5910->5915 5914 409a83 5913->5914 5923 40597d 5913->5923 5914->5877 5916 405b91 __lock 5915->5916 5917 404afe __lock 36 API calls 5916->5917 5918 405b98 5917->5918 5927 405ac4 5918->5927 5922 405bae __lock 5922->5913 5924 405992 5923->5924 5925 
40599b 5923->5925 5924->5913 5926 407fbd ___initmbctable 50 API calls 5925->5926 5926->5924 5928 404451 __lock 36 API calls 5927->5928 5929 405aca 5928->5929 5930 4059f4 ___initmbctable 36 API calls 5929->5930 5931 405b7f 5929->5931 5930->5931 5932 405bb7 5931->5932 5933 404a49 ctype LeaveCriticalSection 5932->5933 5934 405bbe 5933->5934 5934->5922 5937 4098a9 __lock 5935->5937 5936 4098c1 5950 404eb0 5936->5950 5937->5936 5938 40990e GetModuleFileNameA 5937->5938 5941 409928 _strcat _fast_error_exit _strncpy _strlen 5938->5941 5943 4079cb 5941->5943 5944 4079de LoadLibraryA 5943->5944 5949 407a4b 5943->5949 5945 4079f3 GetProcAddress 5944->5945 5944->5949 5946 407a0a GetProcAddress GetProcAddress 5945->5946 5945->5949 5947 407a2d GetProcAddress 5946->5947 5946->5949 5948 407a3e GetProcAddress 5947->5948 5947->5949 5948->5949 5949->5936 5953 404ddc 5950->5953 5952 404ebd ExitProcess 5954 404de8 __lock 5953->5954 5955 404afe __lock 34 API calls 5954->5955 5956 404def 5955->5956 5957 404e00 GetCurrentProcess TerminateProcess 5956->5957 5959 404e10 _fast_error_exit 5956->5959 5957->5959 5963 404e8b 5959->5963 5962 404e86 __lock 5962->5952 5964 404e90 5963->5964 5965 404e73 5963->5965 5971 404a49 LeaveCriticalSection 5964->5971 5965->5962 5967 404d18 GetModuleHandleA 5965->5967 5968 404d27 GetProcAddress 5967->5968 5969 404d3d ExitProcess 5967->5969 5968->5969 5970 404d37 5968->5970 5970->5969 5971->5965 5972->5790 5976 407981 5973->5976 5975 4079c2 5975->5575 5977 40798d __lock 5976->5977 5984 404d48 5977->5984 5983 4079aa __lock 5983->5975 5985 404afe __lock 36 API calls 5984->5985 5986 404d4f 5985->5986 5987 4078d9 5986->5987 5997 4097be 5987->5997 5989 4078e5 5993 407927 5989->5993 6005 40960c 5989->6005 5991 407912 5992 40960c 39 API calls 5991->5992 5991->5993 5992->5993 5994 4079b3 5993->5994 6031 404d51 5994->6031 5998 4097ca __lock 5997->5998 5999 40980d HeapSize 5998->5999 6000 404afe __lock 36 API calls 5998->6000 6001 409820 __lock 5999->6001 6002 4097da 
___free_lc_time 6000->6002 6001->5989 6023 40982b 6002->6023 6006 409618 __lock 6005->6006 6007 409621 6006->6007 6008 40962e 6006->6008 6009 403a85 __lock 36 API calls 6007->6009 6010 409640 6008->6010 6011 409635 6008->6011 6013 409629 __lock 6009->6013 6016 40977d __lock 6010->6016 6018 40964d __lock ___sbh_resize_block ___free_lc_time 6010->6018 6012 40396d ___free_lc_time 36 API calls 6011->6012 6012->6013 6013->5991 6014 409784 HeapReAlloc 6014->6013 6014->6016 6015 404afe __lock 36 API calls 6015->6018 6016->6013 6016->6014 6018->6013 6018->6015 6019 4096d9 HeapAlloc 6018->6019 6020 40972f HeapReAlloc 6018->6020 6021 406c45 __lock 5 API calls 6018->6021 6022 406491 VirtualFree VirtualFree HeapFree ___free_lc_time 6018->6022 6027 409774 6018->6027 6019->6018 6020->6018 6021->6018 6022->6018 6026 404a49 LeaveCriticalSection 6023->6026 6025 409807 6025->5999 6025->6001 6026->6025 6030 404a49 LeaveCriticalSection 6027->6030 6029 40977b 6029->6018 6030->6029 6034 404a49 LeaveCriticalSection 6031->6034 6033 404d58 6033->5983 6034->6033 6036 402272 6035->6036 6037 402295 6035->6037 6081 401fc0 MultiByteToWideChar 6036->6081 6039 401880 37 API calls 6037->6039 6041 4022c7 6039->6041 6040 40228e 6040->5583 6041->5583 6045 40188d 6042->6045 6043 4018d4 6044 4018e8 6043->6044 6091 40aecd 6043->6091 6049 4018fb 6044->6049 6099 401380 6044->6099 6045->6043 6048 4018b5 6045->6048 6050 401680 37 API calls 6048->6050 6049->5585 6051 4018ce 6050->6051 6051->5585 6055 402a08 6052->6055 6053 402a22 ctype 6053->5587 6055->6053 6056 402ace ctype 6055->6056 6167 4022d0 6055->6167 6056->6053 6057 401f80 37 API calls 6056->6057 6059 401680 37 API calls 6056->6059 6174 402920 6056->6174 6057->6056 6059->6056 6061 401693 6060->6061 6062 401698 6060->6062 6063 40ae75 37 API calls 6061->6063 6064 4016ca 6062->6064 6065 4016ab 6062->6065 6063->6062 6067 4016d9 6064->6067 6069 40aecd 37 API calls 6064->6069 6248 4011c0 6065->6248 6070 401380 36 API calls 6067->6070 6073 4016ec 6067->6073 
6068 4016b7 6071 4011c0 37 API calls 6068->6071 6069->6067 6070->6073 6072 4016c1 6071->6072 6072->5589 6073->5589 6075 4010d1 6074->6075 6076 401043 6074->6076 6075->5591 6077 401050 InternetGetCookieW 6076->6077 6077->6075 6078 401085 CreateFileW 6077->6078 6078->6075 6079 4010a8 6078->6079 6079->6075 6080 4010ac WriteFile CloseHandle 6079->6080 6080->6075 6082 402004 6081->6082 6083 402088 6081->6083 6084 40200e MultiByteToWideChar 6082->6084 6085 401880 37 API calls 6083->6085 6084->6083 6086 40202b 6084->6086 6087 402072 ctype 6085->6087 6088 401880 37 API calls 6086->6088 6087->6040 6089 402048 6088->6089 6090 401680 37 API calls 6089->6090 6090->6087 6092 40aed7 __EH_prolog 6091->6092 6103 401980 6092->6103 6098 40af0c 6100 4013b6 6099->6100 6101 4034fb 36 API calls 6100->6101 6102 4013ed ctype 6101->6102 6102->6049 6104 4019a0 6103->6104 6104->6104 6112 401790 6104->6112 6106 4019b2 6107 4019f0 6106->6107 6108 401a12 6107->6108 6109 401590 37 API calls 6108->6109 6110 401a3b 6109->6110 6111 403509 RaiseException 6110->6111 6111->6098 6113 40179d 6112->6113 6114 4017e1 6113->6114 6118 4017c4 6113->6118 6115 4017f2 6114->6115 6116 40aecd 37 API calls 6114->6116 6119 401805 6115->6119 6136 401240 6115->6136 6116->6115 6122 401590 6118->6122 6119->6106 6121 4017db 6121->6106 6123 4015a3 6122->6123 6124 4015a8 6122->6124 6140 40ae75 6123->6140 6126 4015da 6124->6126 6127 4015bb 6124->6127 6129 4015e6 6126->6129 6131 40aecd 37 API calls 6126->6131 6150 401140 6127->6150 6133 401240 36 API calls 6129->6133 6135 4015f9 6129->6135 6130 4015c7 6132 401140 37 API calls 6130->6132 6131->6129 6134 4015d1 6132->6134 6133->6135 6134->6121 6135->6121 6137 401273 6136->6137 6164 4034fb 6137->6164 6139 4012a9 ctype 6139->6119 6141 40ae7f __EH_prolog 6140->6141 6142 401980 37 API calls 6141->6142 6143 40ae8f 6142->6143 6144 4019f0 37 API calls 6143->6144 6145 40ae9f 6144->6145 6154 403509 RaiseException 6145->6154 6147 40aeb4 6155 401ac0 6147->6155 6151 40114e 6150->6151 6153 
401153 __shift 6150->6153 6152 40ae75 37 API calls 6151->6152 6152->6153 6153->6130 6154->6147 6160 403554 6155->6160 6157 401ae8 6158 401590 37 API calls 6157->6158 6159 401b10 6158->6159 6159->6124 6161 40356f _strlen 6160->6161 6163 403580 _strcat 6160->6163 6162 403a85 __lock 36 API calls 6161->6162 6161->6163 6162->6163 6163->6157 6165 403a59 __lock 36 API calls 6164->6165 6166 403506 6165->6166 6166->6139 6168 4022e6 6167->6168 6170 402321 6168->6170 6172 402412 6168->6172 6182 4020e0 6168->6182 6171 4034fb 36 API calls 6170->6171 6170->6172 6173 402386 __shift ctype 6171->6173 6172->6055 6173->6055 6175 40292c 6174->6175 6176 40298d 6175->6176 6177 402968 6175->6177 6194 4028b0 6176->6194 6190 4024b0 6177->6190 6183 401790 37 API calls 6182->6183 6184 40211d 6183->6184 6185 4019f0 37 API calls 6184->6185 6186 402132 6185->6186 6189 403509 RaiseException 6186->6189 6188 402149 6189->6188 6191 4024e0 6190->6191 6192 40253c 6191->6192 6193 401680 37 API calls 6191->6193 6192->6056 6193->6191 6195 4028c0 6194->6195 6198 402580 6195->6198 6197 402908 6197->6056 6199 401680 37 API calls 6198->6199 6200 4025c5 6199->6200 6201 40262b 6200->6201 6223 40270b ctype 6200->6223 6224 401a50 6200->6224 6203 40278b 6201->6203 6216 40265b 6201->6216 6204 402820 6203->6204 6205 4021c0 37 API calls 6203->6205 6206 4021c0 37 API calls 6204->6206 6204->6223 6207 4027ce 6205->6207 6208 40285f 6206->6208 6235 402550 6207->6235 6242 402180 6208->6242 6212 402874 6215 402150 37 API calls 6212->6215 6213 4034fb 36 API calls 6217 4026b3 6213->6217 6215->6223 6216->6213 6231 4021c0 6217->6231 6220 4024b0 37 API calls 6221 4026e8 6220->6221 6222 4021c0 37 API calls 6221->6222 6222->6223 6223->6197 6225 401790 37 API calls 6224->6225 6226 401a8d 6225->6226 6227 4019f0 37 API calls 6226->6227 6228 401aa2 6227->6228 6247 403509 RaiseException 6228->6247 6230 401ab9 6232 4021f0 6231->6232 6233 40224c 6232->6233 6234 401680 37 API calls 6232->6234 6233->6220 6234->6232 6236 4024b0 37 API 
calls 6235->6236 6237 40256c 6236->6237 6238 402150 6237->6238 6239 402176 6238->6239 6240 40215e 6238->6240 6239->6204 6240->6239 6241 401680 37 API calls 6240->6241 6241->6240 6243 40218e 6242->6243 6244 4021af 6242->6244 6245 401680 37 API calls 6243->6245 6246 4021a9 6243->6246 6244->6212 6245->6243 6246->6212 6247->6230 6249 4011ce 6248->6249 6251 4011d3 __shift 6248->6251 6250 40ae75 37 API calls 6249->6250 6250->6251 6251->6068 6253 405061 6252->6253 6254 404edf _fast_error_exit 36 API calls 6253->6254 6257 40508e 6253->6257 6255 405078 6254->6255 6256 404edf _fast_error_exit 36 API calls 6255->6256 6256->6257 6257->5599 6263 404f07 6258->6263 6259 40500f 6261 407c25 _fast_error_exit 33 API calls 6259->6261 6260 405014 _strlen 6265 405026 GetStdHandle WriteFile 6260->6265 6264 403683 6261->6264 6262 404f46 6262->6259 6266 404f52 GetModuleFileNameA 6262->6266 6263->6259 6263->6260 6263->6262 6264->5603 6265->6259 6267 404f6c _strcat _fast_error_exit _strncpy _strlen 6266->6267 6268 4079cb _fast_error_exit 6 API calls 6267->6268 6268->6259 6270 4049b4 6269->6270 6271 4075a0 __lock 2 API calls 6270->6271 6272 40460e 6270->6272 6271->6270 6272->5608 6272->5609 6274 40443e FlsFree 6273->6274 6275 40444c 6273->6275 6274->6275 6276 404a0e DeleteCriticalSection 6275->6276 6277 404a26 6275->6277 6278 40396d ___free_lc_time 36 API calls 6276->6278 6279 404a38 DeleteCriticalSection 6277->6279 6280 404617 6277->6280 6278->6275 6279->6277 6280->5473 6788 406210 6789 408f19 5 API calls 6788->6789 6790 406218 6789->6790 6791 406244 LCMapStringW 6790->6791 6794 403a85 __lock 36 API calls 6790->6794 6792 40625c WideCharToMultiByte 6791->6792 6793 40627d 6791->6793 6792->6793 6797 40396d ___free_lc_time 36 API calls 6793->6797 6798 40628a 6793->6798 6795 406235 6794->6795 6795->6791 6795->6793 6797->6798 6799 40396d ___free_lc_time 36 API calls 6798->6799 6800 406298 __lock 6798->6800 6799->6800 6801 407c15 6802 407c18 ExitProcess 6801->6802 7092 4038d8 7093 4038dd __fpmath 

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 0 404d18-404d25 GetModuleHandleA 1 404d27-404d35 GetProcAddress 0->1 2 404d3d-404d41 ExitProcess 0->2 1->2 3 404d37 1->3 3->2
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(mscoree.dll,00404E86,?,0040C2B0,00000008,00404EBD,?,00000001,00000000,004099E4,00000003), ref: 00404D1D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00404D2D
                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00404D41
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressExitHandleModuleProcProcess
                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                • API String ID: 75539706-1276376045
                                                                                                                                                                                                                • Opcode ID: d1451536d844ab3e6f95523ea5f90e8eab4384d604387f1acd643b0b4664a1c1
                                                                                                                                                                                                                • Instruction ID: c2609e959d7727467e52d893d0eb9f533a6e50f6d1d8ac87e1503fb35feed663
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1451536d844ab3e6f95523ea5f90e8eab4384d604387f1acd643b0b4664a1c1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DD0C770640301EBD6102FF09E89E1B37559F40B05B1446397545F01E0CB7CC800DD19
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetGetCookieW.WININET(000000FF,00000000,00000000,00000007), ref: 00401033
                                                                                                                                                                                                                • InternetGetCookieW.WININET(?,00000000,00000000,?), ref: 00401079
                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?,?,?,?,?,0040C12C,00000000), ref: 0040109B
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000), ref: 004010C2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004010CB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CookieFileInternet$CloseCreateHandleWrite
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 553115592-0
                                                                                                                                                                                                                • Opcode ID: 6ee62c0f2943eba23ba155c943fddd5be51a5a8077478463c6cd02342a5ddbbe
                                                                                                                                                                                                                • Instruction ID: e5a7feb063e61cb7044b2f356cab2385135cecc8df017323776db1487c0f15b9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ee62c0f2943eba23ba155c943fddd5be51a5a8077478463c6cd02342a5ddbbe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18319572A00209ABD710CB99DC85FABF7BDEB88714F10423AFA05A7390DA759D41C795
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 16 4058e8-405906 HeapCreate 17 405932-405934 16->17 18 405908-405915 call 4058ce 16->18 21 405935-405938 18->21 22 405917-405924 call 40641e 18->22 22->21 25 405926-40592c HeapDestroy 22->25 25->17
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,0040375E,00000001,?,0040C190,00000060), ref: 004058F9
                                                                                                                                                                                                                  • Part of subcall function 0040641E: HeapAlloc.KERNEL32(00000000,00000140,00405921,000003F8,?,0040C190,00000060), ref: 0040642B
                                                                                                                                                                                                                • HeapDestroy.KERNEL32(?,0040C190,00000060), ref: 0040592C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$AllocCreateDestroy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2236781399-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 00404F62
                                                                                                                                                                                                                • _strcat.LIBCMT ref: 00404F75
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00404F82
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00404F91
                                                                                                                                                                                                                • _strncpy.LIBCMT ref: 00404FA8
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00404FB1
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00404FBE
                                                                                                                                                                                                                • _strcat.LIBCMT ref: 00404FDC
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00405021
                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,0040C638,00000000,?,00000000,00000000,00000000,00000000), ref: 0040502C
                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000), ref: 00405033
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
                                                                                                                                                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                                • API String ID: 3601721357-4022980321
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0040D288,00000118,00407C0D,00000001,00000000,0040CED8,00000008,0040504F), ref: 0040991E
                                                                                                                                                                                                                • _strcat.LIBCMT ref: 00409934
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00409944
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00409955
                                                                                                                                                                                                                • _strncpy.LIBCMT ref: 0040996F
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00409978
                                                                                                                                                                                                                • _strcat.LIBCMT ref: 00409994
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strlen$_strcat$FileModuleName_strncpy
                                                                                                                                                                                                                • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                                                                                                                                • API String ID: 3058806289-1673886896
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,74DF0A60,00000000,00403770,?,0040C190,00000060), ref: 00404621
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00404639
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00404646
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00404653
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00404660
                                                                                                                                                                                                                • FlsAlloc.KERNEL32(004044C2,?,0040C190,00000060), ref: 0040469D
                                                                                                                                                                                                                • FlsSetValue.KERNEL32(00000000,?,0040C190,00000060), ref: 004046CA
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004046DE
                                                                                                                                                                                                                  • Part of subcall function 00404434: FlsFree.KERNEL32(00000002,004046F3,?,0040C190,00000060), ref: 0040443F
                                                                                                                                                                                                                  • Part of subcall function 00404434: DeleteCriticalSection.KERNEL32(00000000,00000000,00000000,?,004046F3,?,0040C190,00000060), ref: 00404A0F
                                                                                                                                                                                                                  • Part of subcall function 00404434: DeleteCriticalSection.KERNEL32(00000002,00000000,?,004046F3,?,0040C190,00000060), ref: 00404A39
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue
                                                                                                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                                                                                                                                • API String ID: 2635119114-282957996
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll,0040C688,?,?), ref: 004079E3
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004079FF
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00407A10
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00407A1D
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 00407A33
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 00407A44
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                                                                                                                                • API String ID: 2238633743-1612076079
                                                                                                                                                                                                                • Opcode ID: 8d967e6d5d3ea77e1b99d523427178ce235cf7ad7e0b157aa3f4cadde4028379
                                                                                                                                                                                                                • Instruction ID: 25ce550cc8c81a6bf61095fdddd8162f4a913b3c61faec792207559ca585254f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d967e6d5d3ea77e1b99d523427178ce235cf7ad7e0b157aa3f4cadde4028379
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE217831B44206AED7119FB49D88BAF3AA8A744740B14817BE501F11D1DBBCED40CF6E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,0040C8C8,00000001,00000000,00000000,0040C8D0,0000003C,004071AC,00000100,?,00000100,?,00000100,00000000,00000001), ref: 0040606F
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00406081
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0040C8D0,0000003C,004071AC,00000100,?,00000100,?,00000100,00000000,00000001), ref: 00406108
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00406189
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 004061A3
                                                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 004061DE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1775797328-0
                                                                                                                                                                                                                • Opcode ID: eda41d77c3ec3e3d6bd0e53f13eef0aabd6a40a47d126ff26a0a0c8ffeba36e2
                                                                                                                                                                                                                • Instruction ID: f43efbe1db1699ed184676c1af19036fa4fff88c67840055bed50d345954ccb9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: eda41d77c3ec3e3d6bd0e53f13eef0aabd6a40a47d126ff26a0a0c8ffeba36e2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AB13872800119EFCF11AFA4DD859EE7BB5FF08314F11423AF916B62A0D7398961DB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strcat$___shr_12
                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                                                                                                                                                                • API String ID: 1152255961-4131533671
                                                                                                                                                                                                                • Opcode ID: d5040f156efe3a8882a38f7dd3248287629fa64d05780d123f0f43086cb7a794
                                                                                                                                                                                                                • Instruction ID: 6b22bf3bd2014f22b719cc5878b5a75aafd4179cf78c29ae2b6b87ff5688801b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5040f156efe3a8882a38f7dd3248287629fa64d05780d123f0f43086cb7a794
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE91B232C0439A8EDF11DBA8C8447EEBBB4AF15314F0445BBD851BB2C2D3789A15C76A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCPInfo.KERNEL32(?,?,0040D020,00000044,00408140,?,00000000,?,?,00000000,00000000,0040CEE8,0000001C,00407188,00000001,?), ref: 00408D88
                                                                                                                                                                                                                • GetCPInfo.KERNEL32(?,?), ref: 00408D9F
                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00408DC3
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 00408DE4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Info$ByteCharMultiWide_strlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1335377746-0
                                                                                                                                                                                                                • Opcode ID: 2a4af2ec0fec23230070bf0e600324260cc5e292eb2be5d0776db7c2ef432e60
                                                                                                                                                                                                                • Instruction ID: 98ded046f11d0e48a535a09fc71370aae2c8e2dc3e52fffd855e46eda7b29d9b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a4af2ec0fec23230070bf0e600324260cc5e292eb2be5d0776db7c2ef432e60
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50516A71900258EBCF209FA5ED849AFBBB9EF84714B20023EF455B62D1DB385941CB68
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 583 403690-4036e2 call 404b30 call 405940 GetVersionExA 588 4036f0-40370a GetModuleHandleA 583->588 589 4036e4-4036ea 583->589 590 40372b-40372e 588->590 591 40370c-403717 588->591 589->588 593 403757-403761 call 4058e8 590->593 591->590 592 403719-403722 591->592 594 403743-403747 592->594 595 403724-403729 592->595 602 403763-40376a call 40366c 593->602 603 40376b 593->603 594->590 598 403749-40374b 594->598 595->590 597 403730-403737 595->597 597->590 600 403739-403741 597->600 601 403751-403754 598->601 600->601 601->593 602->603 604 40376b call 404609 603->604 607 403770-403772 604->607 608 403774-40377b call 40366c 607->608 609 40377c-40378b call 405846 call 405648 607->609 608->609 616 403795-4037a5 GetCommandLineA call 405526 609->616 617 40378d-403794 call 403647 609->617 622 4037aa call 405484 616->622 617->616 623 4037af-4037b1 622->623 624 4037b3-4037ba call 403647 623->624 625 4037bb-4037c2 call 405251 623->625 624->625 630 4037c4-4037cb call 403647 625->630 631 4037cc-4037d9 call 404d72 625->631 630->631 636 4037e2-4037fb GetStartupInfoA call 4051f4 631->636 637 4037db-4037e1 call 403647 631->637 642 403803-403805 636->642 643 4037fd-403801 636->643 637->636 644 403806-40381c GetModuleHandleA call 401bf0 642->644 643->644 647 403824-403864 call 404ec1 call 404b6b 644->647 648 40381e-40381f call 404e9f 644->648 648->647
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,0040C190,00000060), ref: 004036B0
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,?,0040C190,00000060), ref: 00403703
                                                                                                                                                                                                                • _fast_error_exit.LIBCMT ref: 00403765
                                                                                                                                                                                                                • _fast_error_exit.LIBCMT ref: 00403776
                                                                                                                                                                                                                • GetCommandLineA.KERNEL32(?,0040C190,00000060), ref: 00403795
                                                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 004037E9
                                                                                                                                                                                                                • __wincmdln.LIBCMT ref: 004037EF
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0040380C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3897392166-0
                                                                                                                                                                                                                • Opcode ID: 9c956490cd0ef6cdeec4a1da72f907820a9421600ba069b3eb156e0b173a419d
                                                                                                                                                                                                                • Instruction ID: e9453c6a2f5d6823cc90b25b88a1497c071f8e020ad53a4fb91da1993a80149c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c956490cd0ef6cdeec4a1da72f907820a9421600ba069b3eb156e0b173a419d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F741E3F1D006109ACB21BF76984576E3AA8AF44715F10843FF514BB2D1EB7D8982CB5C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 655 405526-405540 656 405542-405548 GetEnvironmentStringsW 655->656 657 40556f-405572 655->657 660 405556-40555f GetLastError 656->660 661 40554a-405554 656->661 658 4055f1-4055f3 657->658 659 405574-405576 657->659 664 4055f5-4055f7 658->664 665 4055fd-405607 GetEnvironmentStrings 658->665 666 405580-405585 659->666 667 405578-40557e GetEnvironmentStringsW 659->667 662 405561-405568 660->662 663 40556a 660->663 661->659 662->657 663->657 664->665 668 4055f9-4055fb 664->668 665->668 669 405609-40560b 665->669 670 405595-4055b2 WideCharToMultiByte 666->670 671 405587-40558c 666->671 667->666 667->668 672 405641-405647 668->672 673 405617-405627 call 403a85 669->673 674 40560d-405610 669->674 676 4055b4-4055c1 call 403a85 670->676 677 4055e6-4055ef FreeEnvironmentStringsW 670->677 671->671 675 40558e-405593 671->675 683 405629-40562b 673->683 684 40562d-405635 call 407c80 673->684 674->674 678 405612-405615 674->678 675->670 675->671 676->677 685 4055c3-4055d2 WideCharToMultiByte 676->685 677->672 678->673 678->674 686 405638-40563f FreeEnvironmentStringsA 683->686 684->686 687 4055e2 685->687 688 4055d4-4055de call 40396d 685->688 686->672 687->677 688->687
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,004037A5,?,0040C190,00000060), ref: 00405542
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,004037A5,?,0040C190,00000060), ref: 00405556
                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,004037A5,?,0040C190,00000060), ref: 00405578
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,74DF0A60,00000000,?,?,?,?,004037A5), ref: 004055AC
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,004037A5,?,0040C190,00000060), ref: 004055CE
                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,004037A5,?,0040C190,00000060), ref: 004055E7
                                                                                                                                                                                                                • GetEnvironmentStrings.KERNEL32(74DF0A60,00000000,?,?,?,?,004037A5,?,0040C190,00000060), ref: 004055FD
                                                                                                                                                                                                                • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00405639
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 883850110-0
                                                                                                                                                                                                                • Opcode ID: 1b62812d8c18c4acd52bb17ed3a719e16aff50a8c864b2ae8fdf9bc6dc10d3cf
                                                                                                                                                                                                                • Instruction ID: 1bfd60ad3e6b07029dc0b80febb03ae7efd657d13a2cda291ce096aee0de3c69
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b62812d8c18c4acd52bb17ed3a719e16aff50a8c864b2ae8fdf9bc6dc10d3cf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB3157B2505514BFD7202FB4ACC483BBB9DEA453887150A3FF545F3280E2398C848EAD
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(00000001,0040C8C8,00000001,?,0040CEE8,0000001C,00407188,00000001,?,00000100,?,00000000), ref: 00407FE1
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00407FF3
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0040CEE8,0000001C,00407188,00000001,?,00000100,?,00000000), ref: 00408055
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 004080D3
                                                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,?,00000000,?,?,00000000), ref: 004080E5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3581945363-0
                                                                                                                                                                                                                • Opcode ID: 5eb667921d2ca199136c7c9365ffe6f67fb0b0b229ad9aaa6095b9b35e960bbd
                                                                                                                                                                                                                • Instruction ID: 7fdf1af5d7f6dac8fa598b9687eaa9e1332da84d49fdb60aab15f4b6ac560e40
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5eb667921d2ca199136c7c9365ffe6f67fb0b0b229ad9aaa6095b9b35e960bbd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD419271800219EBCB219F64DE45A9F3B75EF48760F21423EF850BA2D0DB798D51CB99
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00404BBD,?), ref: 00407763
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(004102C0,00000001), ref: 004077E1
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(004102C0,00000000), ref: 00407846
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(004102C0,00000001), ref: 0040786A
                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(004102C0,00000000), ref: 004078CA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExchangeInterlocked$QueryVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2947987494-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetStartupInfoA.KERNEL32(?), ref: 004056A5
• GetFileType.KERNEL32(?), ref: 0040574F
• GetStdHandle.KERNEL32(-000000F6), ref: 004057D0
Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
Similarity
• API ID: FileHandleInfoStartupType
• String ID:
• API String ID: 2461013171-0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualQuery.KERNEL32(?,?,0000001C), ref: 00408F33
• GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00408F44
• VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00408F8A
• VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00408FC8
• VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 00408FEE
Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
Similarity
• API ID: Virtual$Query$AllocInfoProtectSystem
• String ID:
• API String ID: 4136887677-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000000,00407630,00404AC0,00000000,0040C288,00000008,00404B17,?,?,?,00403990,00000004,0040C1A0,0000000C,00404A17), ref: 00404453
• FlsGetValue.KERNEL32(?,00403990,00000004,0040C1A0,0000000C,00404A17,00000000,?,004046F3,?,0040C190,00000060), ref: 00404461
• FlsSetValue.KERNEL32(00000000,?,00403990,00000004,0040C1A0,0000000C,00404A17,00000000,?,004046F3,?,0040C190,00000060), ref: 00404488
• GetCurrentThreadId.KERNEL32 ref: 004044A0
• SetLastError.KERNEL32(00000000,?,00403990,00000004,0040C1A0,0000000C,00404A17,00000000,?,004046F3,?,0040C190,00000060), ref: 004044B7
Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
Similarity
• API ID: ErrorLastValue$CurrentThread
• String ID:
• API String ID: 526964173-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040984F
• GetCurrentProcessId.KERNEL32 ref: 0040985B
• GetCurrentThreadId.KERNEL32 ref: 00409863
• GetTickCount.KERNEL32 ref: 0040986B
• QueryPerformanceCounter.KERNEL32(?), ref: 00409877
Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,0040CE48,00000010,004049D6,00000000,00000FA0,74DF0A60,00000000,0040460E,00403770,?,0040C190,00000060), ref: 004075C3
• GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 004075D3
Strings
• kernel32.dll, xrefs: 004075BE
• InitializeCriticalSectionAndSpinCount, xrefs: 004075CD
Memory Dump Source
• Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                                                                                                • API String ID: 1646373207-3733552308
                                                                                                                                                                                                                • Opcode ID: f5ed0be1a3047369d037fb3e1fde1f139ea0a76e91afbb22d3c9f06fd14ed7c5
                                                                                                                                                                                                                • Instruction ID: 203e7eca569bbd6ed868e4e9953cb6c75d134ac5bf1c6538d821a508107e0ead
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5ed0be1a3047369d037fb3e1fde1f139ea0a76e91afbb22d3c9f06fd14ed7c5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90F09030A44605EBCF146FB49C897CA3AA4BB44314F50827AA411F11E0D77CE9459A1D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,004038E2), ref: 00406024
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00406034
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                                • API String ID: 1646373207-3105848591
                                                                                                                                                                                                                • Opcode ID: f587656f110363da11810522b5beaaa3d15f5bda615f8063ad4188aa4cfc5f19
                                                                                                                                                                                                                • Instruction ID: 5b7d9587e42d2cf9dd33b1b8e91cc260946d204f1a1661c68c96989c8c8a41fc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f587656f110363da11810522b5beaaa3d15f5bda615f8063ad4188aa4cfc5f19
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49C012A0380201E6EA302BE2AD89F1722484B00B02F244236A80BF01C0EA7CC600942D
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00404060: _UnwindNestedFrames.LIBCMT ref: 00404083
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(004041AA,00000003), ref: 00407594
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalFramesInitializeNestedSectionUnwind
                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                • API String ID: 2222982843-393685449
                                                                                                                                                                                                                • Opcode ID: bee5369a0ea08069eecdecf8817e2882068670c7453447436f2fe622aa13b981
                                                                                                                                                                                                                • Instruction ID: b8aadbcd0020964f6440c18cd8b1ee8fbd8776e5c812a45703f1f7bd4425f420
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bee5369a0ea08069eecdecf8817e2882068670c7453447436f2fe622aa13b981
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 937190B1A00209DFCF14EF95C881AAE77B5BF84315F1440AAFA14BB2D2C739D951CB99
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strlen$___initmbctable_strcat
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 109824703-0
                                                                                                                                                                                                                • Opcode ID: 90967aa605f4e6f8f63d8f650d75b43aeb99eff316012a03af253b09e6850dc3
                                                                                                                                                                                                                • Instruction ID: 6eba22a2f67460ffd36e7a8ee9f3ca4ce05e733ea58928ed84a39a423c0345d1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90967aa605f4e6f8f63d8f650d75b43aeb99eff316012a03af253b09e6850dc3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C91124B29089055AD7216F35BC0156B3B98EF02324764417FE590732E1DB3D1846DF8C
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ___addl
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2260456530-0
                                                                                                                                                                                                                • Opcode ID: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                                                                                                                • Instruction ID: f45adf0bcf02cf876cd21b519aee2ffaca28be1334e598c672f476833fa9aecc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37F04F76500106AFDA109A42EC01957B7B9FF84314B08443AFD5896172E732EC68CB52
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __shift_strcat_strlen
                                                                                                                                                                                                                • String ID: e+000
                                                                                                                                                                                                                • API String ID: 208078240-1027065040
                                                                                                                                                                                                                • Opcode ID: c1c98124c0f99fd6e6a30ec725cc13b08b8514032dacf38be5e4f61e373e1ea2
                                                                                                                                                                                                                • Instruction ID: 2ff7f9cc5d3d03df526acbee499e9ac8987a9be90bdc81caf83370e077f4feb5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1c98124c0f99fd6e6a30ec725cc13b08b8514032dacf38be5e4f61e373e1ea2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A821C3362087944FD72A5E389C943A63BD09F02358F1C84BFE085DA2D2D67DC985CB55
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ___initmbctable.LIBCMT ref: 00405496
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe,00000104,74DF0A60,00000000,?,?,?,?,004037AF,?,0040C190,00000060), ref: 004054AE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe, xrefs: 004054A0, 004054A5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileModuleName___initmbctable
                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\{A81A974F-8A22-43E6-9243-5198FF758DA1}\VistaCookiesCollector.exe
                                                                                                                                                                                                                • API String ID: 767393020-439077991
                                                                                                                                                                                                                • Opcode ID: 383d1cd94c64c2905cd51488bdcef44c5a300afd0e2e74a96abd786d926571ba
                                                                                                                                                                                                                • Instruction ID: 12db10d1739c1ce9a2eb1c697f3fa6b03e7167528f25e80479e9fc4fd325dec1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 383d1cd94c64c2905cd51488bdcef44c5a300afd0e2e74a96abd786d926571ba
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C311EB72A04608ABD711DBA9EC415DF7BA8EB85360F10017FF905F3291D6B89E40CF98
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00406D9A,00000000,?,00000000), ref: 004067D0
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00406D9A,00000000,?,00000000), ref: 00406809
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00406827
                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 0040683E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000005.00000002.1791137495.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791115649.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791161911.000000000040C000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791182257.000000000040F000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                • Associated: 00000005.00000002.1791201952.0000000000412000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_400000_VistaCookiesCollector.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3499195154-0
                                                                                                                                                                                                                • Opcode ID: 61b92e8b457bdb883c0454994ea8a933c70806de892cf2ba588443b70bb7c510
                                                                                                                                                                                                                • Instruction ID: bb5112fb84cc6387e033f6faaa2c997ccf0f61fea12e7994c21ab49bfeb29561
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61b92e8b457bdb883c0454994ea8a933c70806de892cf2ba588443b70bb7c510
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93116A71240200DFD7219F58ED85AA27BBAFB913547258A3AF252E65F0D3329852CB08
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:4.3%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:51.3%
                                                                                                                                                                                                                Signature Coverage:6.9%
                                                                                                                                                                                                                Total number of Nodes:1834
                                                                                                                                                                                                                Total number of Limit Nodes:71
406769 49368 406280 13 API calls 49341->49368 49344 407c70 3 API calls 49343->49344 49346 406626 49344->49346 49360 405000 49346->49360 49350 40665b 49351 405000 5 API calls 49350->49351 49352 40667d 49351->49352 49352->49325 49366 405120 9 API calls 49352->49366 49354 4066b8 ??3@YAXPAX 49354->49325 49356 403210 _callnewh ?_Nomemory@std@ malloc 49355->49356 49357 40416b 49356->49357 49358 403d00 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ _callnewh ?_Nomemory@std@ malloc 49357->49358 49359 40419c 49358->49359 49359->49325 49359->49329 49364 402bf0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0exception@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ _CxxThrowException 49359->49364 49361 405030 49360->49361 49362 405094 49361->49362 49363 404140 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ _callnewh ?_Nomemory@std@ malloc 49361->49363 49365 406370 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ _callnewh ?_Nomemory@std@ malloc 49362->49365 49363->49361 49365->49350 49366->49354 49367->49341 49368->49325 49369->49340 49370->49325 49371->49313 49372->49315 49373->49196 49374->49200 49375->49205 49376->49209 49377->49208 49378->49211 49379->49192 49381 404f48 49380->49381 49382 404efe 49380->49382 49383 404f9c 49381->49383 49410 404c10 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49381->49410 49382->49381 
49386 404aa0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49382->49386 49383->49129 49387 404140 5 API calls 49386->49387 49388 404b19 49387->49388 49443 406150 49388->49443 49390 404b21 49391 404b2c ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG 49390->49391 49392 404bbe ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49390->49392 49393 404b50 ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG 49391->49393 49394 404b44 49391->49394 49395 403860 2 API calls 49392->49395 49397 404b62 49393->49397 49398 404b6e ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG 49393->49398 49452 404200 7 API calls 49394->49452 49399 404bea 49395->49399 49491 404570 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49397->49491 49398->49392 49400 404b80 49398->49400 49399->49382 49536 404730 58 API calls 49400->49536 49401 404b4e 49401->49392 49404 404140 5 API calls 49401->49404 49405 404ba3 49404->49405 49511 404960 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49405->49511 49407 404ba8 49524 404070 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI 49407->49524 
49409 404bb8 49409->49392 49411 404140 5 API calls 49410->49411 49412 404ca7 49411->49412 49413 406150 13 API calls 49412->49413 49414 404cb0 49413->49414 49415 404e74 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49414->49415 49416 404cbb ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49414->49416 49417 403860 2 API calls 49415->49417 49418 404140 5 API calls 49416->49418 49419 404ebc 49417->49419 49420 404ce4 49418->49420 49419->49381 49421 406150 13 API calls 49420->49421 49422 404ced 49421->49422 49422->49415 49423 404cf8 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49422->49423 49424 404140 5 API calls 49423->49424 49425 404d24 49424->49425 49426 406150 13 API calls 49425->49426 49427 404d2d 49426->49427 49427->49415 49428 404d38 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?GetStringValue@@YAHAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0V12@0 49427->49428 49428->49415 49429 404d6a 49428->49429 49430 404d77 ??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI 49429->49430 49431 404e1c ??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI 49429->49431 49433 404d83 49430->49433 49434 404de5 49430->49434 49431->49415 49432 404e28 ?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?SetStringValue@@YAHAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0V12@0 49431->49432 49432->49415 49550 401120 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49433->49550 49434->49415 49437 404140 5 API calls 49434->49437 49436 404d98 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?SetStringValue@@YAHAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0V12@0 49436->49434 49438 404e00 49437->49438 49439 404960 38 API calls 49438->49439 49440 404e05 49439->49440 49441 404070 41 API calls 49440->49441 49442 404e15 49441->49442 49442->49415 49444 405bf0 ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49443->49444 49445 406180 49444->49445 49446 40618c ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49445->49446 49447 4061a6 49445->49447 49446->49447 49448 4061ba ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 49447->49448 49449 4061ce 49447->49449 49448->49449 49450 403d90 8 API calls 49449->49450 49451 4061e7 ??3@YAXPAX ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49450->49451 49451->49390 49453 404140 5 API calls 49452->49453 49454 4042aa 49453->49454 49455 406150 13 API calls 49454->49455 49456 4042b3 49455->49456 49457 4042c0 ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG 49456->49457 49458 4044f4 6 API calls 49456->49458 49457->49458 49459 4042da ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49457->49459 49458->49401 49460 404140 5 API calls 49459->49460 49461 404306 49460->49461 49462 406150 13 API calls 49461->49462 49463 40430f 49462->49463 49463->49458 49464 40431c 
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49463->49464 49465 404140 5 API calls 49464->49465 49466 404348 49465->49466 49467 406150 13 API calls 49466->49467 49468 404351 49467->49468 49468->49458 49469 40435e ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49468->49469 49470 404140 5 API calls 49469->49470 49471 40438a 49470->49471 49472 406150 13 API calls 49471->49472 49473 404393 49472->49473 49473->49458 49474 4043a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49473->49474 49475 404140 5 API calls 49474->49475 49476 4043c9 49475->49476 49477 406150 13 API calls 49476->49477 49478 4043d2 49477->49478 49478->49458 49479 4043df ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?GetStringValue@@YAHAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0V12@0 49478->49479 49479->49458 49480 404419 ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ 49479->49480 49481 4044d5 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 49480->49481 49482 40442a ??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI 49480->49482 49481->49458 49483 404475 49482->49483 49484 40443e 49482->49484 49538 4011a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49483->49538 49537 4010a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49484->49537 49487 404452 
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49487->49458 49488 40448a 49539 4010a0 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49488->49539 49490 4044a3 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49490->49458 49492 404140 5 API calls 49491->49492 49493 4045fb 49492->49493 49494 406150 13 API calls 49493->49494 49495 404603 49494->49495 49496 404610 ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG 49495->49496 49497 4046da ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49495->49497 49496->49497 49498 40462d ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49496->49498 49497->49401 49499 404140 5 API calls 49498->49499 49500 404656 49499->49500 49501 406150 13 API calls 49500->49501 49502 40465e 49501->49502 49502->49497 49503 404667 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49502->49503 49504 404140 5 API calls 49503->49504 49505 404690 49504->49505 49506 406150 13 API calls 49505->49506 49507 404698 49506->49507 49507->49497 49540 402f50 22 API calls 49507->49540 49509 4046b2 49509->49497 49510 4046bb ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 49509->49510 
49510->49497 49512 404140 5 API calls 49511->49512 49513 4049c4 49512->49513 49514 406150 13 API calls 49513->49514 49515 4049ce 49514->49515 49516 4049d7 ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI 49515->49516 49517 404a48 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49515->49517 49519 4049f2 49516->49519 49520 404a0b ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ?SplitString@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@H ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49516->49520 49518 403d90 8 API calls 49517->49518 49521 404a75 ??3@YAXPAX 49518->49521 49541 403c90 15 API calls 49519->49541 49520->49517 49521->49407 49523 404a09 49523->49517 49525 4040c0 49524->49525 49526 4040b5 ?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II 49524->49526 49542 403e50 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ?SplitString@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@2@H ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49525->49542 49526->49525 49529 4040d1 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ _IsFileExist 49530 40410f ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49529->49530 49531 4040e5 49529->49531 49530->49409 49548 403f30 13 API calls 49531->49548 49533 4040eb 49549 4032e0 18 API calls 49533->49549 49535 4040f8 49535->49530 49536->49401 49537->49487 49538->49488 49539->49490 49540->49509 49541->49523 49545 403ec4 49542->49545 49543 403ef1 49546 403860 2 API calls 49543->49546 49544 403ef6 
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 49544->49543 49545->49543 49545->49544 49547 403f11 49546->49547 49547->49529 49547->49530 49548->49533 49549->49535 49550->49436 49551 10018e0b ??0CErrException@@QAE _CxxThrowException 49552 10018e28 ?GetProcessVersion@CUpdateManager@ ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ ?CreateIpcQueue@CIPC@@SGHPBDP6GX0PBXK1K@Z 49551->49552 49554 7b6670 49555 7b668e 49554->49555 49556 7b6680 FindCloseChangeNotification 49554->49556 49556->49555 49557 7b9f30 49560 7b9f66 49557->49560 49558 7b9ffb 49559 7b9f6e RegEnumKeyExW 49559->49560 49561 7b9fb6 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49559->49561 49560->49558 49560->49559 49564 7b99d0 13 API calls 49561->49564 49563 7b9fdc ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49563->49560 49564->49563 49565 7b2bf0 GetFileAttributesW 49566 7b2c34 49565->49566 49567 4c2f00 InternetOpenW 49568 4c2f2a 49567->49568 49569 4c2f20 49567->49569 49570 4c2f3f InternetSetOptionW 49568->49570 49571 4c2f2f 49568->49571 49572 4c39c0 ??0CHTTPClient@@QAE ??2@YAPAXI 49573 4c3a1b 6 API calls 49572->49573 49575 4c2c80 49573->49575 49585 4c4610 49575->49585 49577 4c2c90 WaitForSingleObject ResetEvent 49578 4c2db7 49577->49578 49584 4c2cb7 49577->49584 49579 4c2cd4 InternetReadFileExA 49580 4c2d35 GetLastError 49579->49580 49579->49584 49581 4c2d96 WaitForSingleObject ResetEvent 49580->49581 49582 4c2d42 WaitForSingleObject 49580->49582 49581->49578 49581->49584 49582->49584 49583 4c2d5b SetEvent 49583->49584 49584->49579 49584->49581 49584->49583 49585->49577 49586 7c371f78 49587 7c371f84 49586->49587 49589 7c371f91 49587->49589 49590 7c371f2c 49587->49590 49591 7c371f3b 49590->49591 49595 7c371f58 49590->49595 49597 7c371f01 49591->49597 49594 7c371f5d 49594->49595 49596 7c371f64 free 49594->49596 49595->49589 49596->49595 49598 7c371f0d 49597->49598 49599 7c371f2a _close 49597->49599 
49598->49599 49600 7c371f11 free 49598->49600 49599->49594 49599->49595 49600->49599 49601 4028d0 ??1CUpdateManager@@UAE 49602 4028e0 ??3@YAXPAX 49601->49602 49603 4028e9 49601->49603 49602->49603 49604 10013290 49605 100132b3 49604->49605 49619 10019080 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49605->49619 49607 100132d1 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ ??0CSerialize@@QAE@H 49620 100190c0 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ??6CSerialize@@QAEAAV0@H ??6CSerialize@@QAEAAV0@PAG ??6CSerialize@@QAEAAV0@H 49607->49620 49609 10013310 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ ?SendIpcMessage@CIPC@@SGHPBDPAXK1KKH 49610 10013352 49609->49610 49611 10013357 ??0CSerialize@@QAE@PAEI 49609->49611 49612 100133b4 ??1CSerialize@@QAE 49610->49612 49613 10013383 49611->49613 49622 100190b0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49612->49622 49621 10019000 7 API calls 49613->49621 49617 10013393 49618 100133a7 ??1CSerialize@@QAE 49617->49618 49618->49612 49619->49607 49620->49609 49621->49617 49623 10017950 GetModuleHandleW GetModuleFileNameW GetFileVersionInfoSizeW 49624 100179b1 49623->49624 49625 100179d1 ??0CErrException@@QAE _CxxThrowException 49624->49625 49626 100179ee GetFileVersionInfoW 49624->49626 49625->49626 49627 10017a04 ??0CErrException@@QAE _CxxThrowException 49626->49627 49628 10017a1b VerQueryValueW 49626->49628 49627->49628 49629 10017a32 ??0CErrException@@QAE _CxxThrowException 49628->49629 49630 10017a49 49628->49630 49629->49630 49631 10017a84 ??_V@YAXPAX 49630->49631 49632 10017a8d 49630->49632 49631->49632 49633 7c38a8ac 49634 7c38a8b8 49633->49634 49636 7c38a8c4 __cwait 49634->49636 49637 7c38d583 49634->49637 49638 7c38d5a2 49637->49638 49639 7c38d6c8 49638->49639 49640 7c38d6ae _sopen 49638->49640 49639->49636 49640->49639 49641 7c3638e2 49642 7c3639ab _local_unwind2 49641->49642 49644 7c363900 
49641->49644 49643 7c363996 49642->49643 49644->49643 49645 7c36394e _global_unwind2 _local_unwind2 49644->49645 49645->49644 49646 7c38c86d 49647 7c38c879 49646->49647 49650 7c38c70b 49647->49650 49649 7c38c88e 49651 7c38c724 49650->49651 49652 7c38c727 _lseek 49650->49652 49651->49652 49653 7c38c744 __cwait 49652->49653 49654 7c38c73a 49652->49654 49653->49649 49654->49653 49655 7c38c7f0 _lseek 49654->49655 49655->49653 49656 7c38c821 _lseek 49655->49656 49656->49653 49657 485410 49658 485456 49657->49658 49659 485434 ??0CConfigManager@@IAE 49657->49659 49661 4856c0 49659->49661 49664 48569a _onexit __dllonexit 49661->49664 49663 4856c9 49663->49658 49664->49663 49665 491950 49666 49197e 49665->49666 49671 491f40 RegOpenKeyExW 49666->49671 49672 491f9a 49671->49672 49673 491990 49671->49673 49689 491a80 RegQueryValueExW 49672->49689 49686 4918f0 SetWindowsHookExW 49673->49686 49675 49210c 49675->49673 49677 49212e RegCloseKey 49675->49677 49676 491fe0 RegEnumKeyExW 49676->49675 49678 49200b RegOpenKeyExW 49676->49678 49677->49673 49679 491fc0 49678->49679 49679->49675 49679->49676 49680 4920f5 RegCloseKey 49679->49680 49683 492101 49679->49683 49684 492087 wcscpy wcscpy 49679->49684 49691 491d60 12 API calls 49679->49691 49692 491c90 6 API calls 49679->49692 49680->49676 49683->49675 49685 492105 RegCloseKey 49683->49685 49684->49679 49685->49675 49687 491949 49686->49687 49688 49191b GetLastError wsprintfW 49686->49688 49688->49687 49690 491ab7 49689->49690 49690->49679 49691->49679 49692->49679 49693 7ba220 49700 7ba040 49693->49700 49695 7ba257 RegOpenKeyExW 49697 7ba2c9 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49695->49697 49698 7ba28e ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?GetStringValue@@YAHAAVCRegKey@ATL@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV34@ 49695->49698 49698->49697 49699 7ba2c2 RegCloseKey 49698->49699 49699->49697 49719 7b8a20 ??2@YAPAXI 49700->49719 49705 
7b9930 17 API calls 49706 7ba0e1 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49705->49706 49707 7b9930 17 API calls 49706->49707 49708 7ba117 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49707->49708 49709 7b9930 17 API calls 49708->49709 49710 7ba14d ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49709->49710 49711 7b9930 17 API calls 49710->49711 49712 7ba183 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49711->49712 49729 7bb0c0 49712->49729 49715 7ba1b1 ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49716 7ba1c7 49715->49716 49733 7b9cf0 49716->49733 49718 7ba1f8 ??3@YAXPAX 49718->49695 49720 7b8a2e ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49719->49720 49721 7b9930 49720->49721 49722 7bb0c0 ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49721->49722 49723 7b9957 49722->49723 49724 7b995e ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49723->49724 49725 7b9970 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ 49723->49725 49724->49725 49726 7b99ab ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG 49724->49726 49741 7b9660 13 API calls 49725->49741 49726->49705 49728 7b9997 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49728->49726 49730 7bb0d1 49729->49730 49731 7ba1a5 49729->49731 49730->49731 49732 7bb0e0 
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0 49730->49732 49731->49715 49731->49716 49732->49730 49734 7b9d04 49733->49734 49740 7b9d3c 49733->49740 49735 7b9d08 49734->49735 49734->49740 49742 7b9460 ??3@YAXPAX ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 49735->49742 49736 7b9d9b 49736->49718 49738 7b9d13 49738->49718 49740->49736 49743 7b9160 6 API calls 49740->49743 49741->49728 49742->49738 49743->49740 49744 7b66a0 ??0CWinOsInfo@@QAE ?IsVistaOrLater@CWinOsInfo@ 49745 7b66ea InitializeSecurityDescriptor 49744->49745 49746 7b67cf CreateMutexW GetLastError 49744->49746 49747 7b673a SetSecurityDescriptorDacl 49745->49747 49748 7b684d 49745->49748 49749 7b68b9 ??1CWinOsInfo@@UAE 49746->49749 49750 7b67f6 InitializeSecurityDescriptor 49746->49750 49747->49748 49751 7b6751 ConvertStringSecurityDescriptorToSecurityDescriptorW 49747->49751 49748->49749 49753 7b6852 6 API calls 49748->49753 49750->49748 49752 7b681d SetSecurityDescriptorDacl 49750->49752 49751->49748 49754 7b677c GetSecurityDescriptorSacl 49751->49754 49752->49748 49755 7b6830 CreateMutexW 49752->49755 49753->49749 49754->49748 49756 7b679e SetSecurityDescriptorSacl 49754->49756 49757 7b6841 GetLastError 49755->49757 49756->49748 49758 7b67b9 CreateMutexW 49756->49758 49757->49748 49758->49757 49759 7b7be0 ?RearrangeSubkeyAndName@CRegistrySupp@@AAEXAAPBG0PAG 49760 7b7c11 49759->49760 49763 7b7c36 49759->49763 49761 7b7c17 ?CreateOrOpenKey@CRegistrySupp@@AAEHPBG0HPAPAUHKEY__@@ 49760->49761 49760->49763 49762 7b7c42 49761->49762 49761->49763 49763->49762 49764 7b7c4f RegQueryValueExW 49763->49764 49765 7b7c88 49764->49765 49766 7b7c81 RegCloseKey 49764->49766 49766->49765 49767 81ccdc 49768 81cce6 49767->49768 49769 81ceba 49767->49769 49786 81c4d4 49768->49786 49815 80451c 49769->49815 49771 81cceb 49798 81c41c 49771->49798 49778 81cd72 EnterCriticalSection 49780 81cda7 49778->49780 49810 8053e0 49780->49810 
49784 81cde5 6 API calls 49785 81cea8 LeaveCriticalSection 49784->49785 49904 81c668 49784->49904 49910 81c98c 49784->49910 49787 81c4dd 49786->49787 49797 81c52d 49786->49797 49823 80aa74 31 API calls 49787->49823 49789 81c4e9 49824 80aa74 31 API calls 49789->49824 49791 81c4fa 49825 80aa74 31 API calls 49791->49825 49793 81c50b 49826 80aa74 31 API calls 49793->49826 49795 81c51c 49827 80aa74 31 API calls 49795->49827 49797->49771 49799 81c437 49798->49799 49828 806f0c 49799->49828 49803 81c45d 49850 806f7c 49803->49850 49807 81c474 49808 80451c 11 API calls 49807->49808 49809 81c4a7 InitializeSecurityDescriptor SetSecurityDescriptorDacl LocalAlloc NtCreatePort LocalFree 49808->49809 49809->49769 49809->49778 49883 805254 49810->49883 49813 8046f0 49814 8046f6 49813->49814 49817 804522 49815->49817 49816 804548 49819 8044f8 49816->49819 49817->49816 49902 8034f8 11 API calls 49817->49902 49820 8044fe 49819->49820 49822 804519 49819->49822 49820->49822 49903 8034f8 11 API calls 49820->49903 49823->49789 49824->49791 49825->49793 49826->49795 49827->49797 49829 806f1e 49828->49829 49830 80454c 11 API calls 49829->49830 49831 806f36 49830->49831 49864 8049c4 49831->49864 49833 806f3d 49834 8044f8 11 API calls 49833->49834 49835 806f6d 49834->49835 49836 80477c 49835->49836 49837 804780 49836->49837 49838 8047bf 49836->49838 49839 80478a 49837->49839 49843 80454c 49837->49843 49838->49803 49840 8047b4 49839->49840 49841 80479d 49839->49841 49842 804a5c 11 API calls 49840->49842 49874 804a5c 49841->49874 49849 8047a2 49842->49849 49847 804560 49843->49847 49872 8045bc 11 API calls 49843->49872 49844 80458e 49844->49803 49847->49844 49873 8034f8 11 API calls 49847->49873 49849->49803 49851 806f94 49850->49851 49852 804a5c 11 API calls 49851->49852 49853 806fb5 49852->49853 49854 806fec 49853->49854 49855 80477c 11 API calls 49853->49855 49856 8044f8 11 API calls 49854->49856 49855->49854 49857 807001 49856->49857 49858 80454c 49857->49858 49859 804550 49858->49859 49862 
804560 49858->49862 49859->49862 49881 8045bc 11 API calls 49859->49881 49860 80458e 49860->49807 49862->49860 49882 8034f8 11 API calls 49862->49882 49865 804980 49864->49865 49866 8049bb 49865->49866 49870 8045bc 11 API calls 49865->49870 49866->49833 49868 804997 49868->49866 49871 8034f8 11 API calls 49868->49871 49870->49868 49871->49866 49872->49847 49873->49844 49875 804a69 49874->49875 49879 804a99 49874->49879 49877 804a75 49875->49877 49880 8045bc 11 API calls 49875->49880 49876 8044f8 11 API calls 49876->49877 49877->49849 49879->49876 49880->49879 49881->49862 49882->49860 49884 805273 49883->49884 49888 80528d 49883->49888 49885 80527e 49884->49885 49897 803574 11 API calls 49884->49897 49898 80524c 13 API calls 49885->49898 49890 8052d7 49888->49890 49899 803574 11 API calls 49888->49899 49889 805288 LocalAlloc 49889->49813 49893 8052e4 49890->49893 49900 8034d8 11 API calls 49890->49900 49893->49889 49896 805254 16 API calls 49893->49896 49894 805323 49894->49893 49901 805234 16 API calls 49894->49901 49896->49893 49897->49885 49898->49889 49899->49890 49900->49894 49901->49893 49902->49817 49903->49822 49905 81c671 WaitForSingleObject 49904->49905 49906 81c980 49905->49906 49907 81c68c EnterCriticalSection 49905->49907 49908 81c6b5 LeaveCriticalSection 49907->49908 49911 81c99a LocalAlloc NtReplyWaitReceivePort 49910->49911 49912 81cbce LocalFree 49911->49912 49918 81c9c5 49911->49918 49912->49911 49913 81ca13 GetCurrentProcessId LocalAlloc 49913->49918 49914 81c9f2 NtAcceptConnectPort LocalFree 49915 81cbd9 49914->49915 49916 81ca48 NtAcceptConnectPort 49917 81cba0 NtAcceptConnectPort LocalFree 49916->49917 49916->49918 49919 81cbc0 LocalFree 49917->49919 49918->49912 49918->49913 49918->49914 49918->49916 49920 81cad8 NtCompleteConnectPort CloseHandle 49918->49920 49921 81ca8f LocalAlloc 49918->49921 49919->49911 49934 81bdf8 49920->49934 49923 81cab3 49921->49923 49927 81cacf LocalFree 49923->49927 49925 81cb14 49928 81cb23 49925->49928 49929 
50924->50925 50926 1000880a ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50925->50926 50927 100087bd wsprintfW ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ ??0CErrRuntimeException@@QAE@ABV0@ _CxxThrowException 50925->50927 50926->50870 50927->50926 50929 10016b72 50928->50929 50930 10016ac8 50928->50930 50929->50874 50930->50929 51034 10008260 ??0CAutoLock@@QAE@ABVCLockable@@ 50930->51034 50932 10016ad8 51039 10016830 50932->51039 50934 10016ae9 50935 10016af5 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ 50934->50935 50936 10016b66 50934->50936 50938 1001a4be 3 API calls 50935->50938 51054 10003cd0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??3@YAXPAX 50936->51054 50941 10016b0d 50938->50941 50939 10016b1d ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50939->50941 50941->50939 51047 10007760 50941->51047 51053 10008b40 14 API calls 50941->51053 50943 10016b54 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50943->50934 50945 1001261d ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ ??0CErrException@@QAE@ABV0@ _CxxThrowException 50944->50945 50946 1001265e ??0CXmlDocument@@QAE ?initFromFile@CXmlDocument@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ ?getDocumentRoot@CXmlDocument@@QAE?AVCXmlNode@ ?isNull@CXmlNode@ 50944->50946 50945->50946 50947 100126dc ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50946->50947 50948 1001269e 
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ ??0CErrMessageFormatException@@QAE@ABV0@ _CxxThrowException 50946->50948 50949 10012720 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ ??0CErrMessageFormatException@@QAE@ABV0@ _CxxThrowException 50947->50949 50950 1001275e ?getFirstChild@CXmlNode@@QAE?AV1 50947->50950 50948->50947 50949->50950 50951 10012776 ?isNull@CXmlNode@ 50950->50951 50952 100128a4 ??1CXmlDocument@@QAE 50951->50952 50953 10012787 ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50951->50953 50952->50896 50954 100127cc ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50953->50954 50956 100127bb 50953->50956 50954->50956 50957 1001280e ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50954->50957 50960 10012884 ?getNextSibling@CXmlNode@@QAE?AV1 50956->50960 50964 100118e0 62 API calls 50956->50964 50965 10010e90 18 API calls 50956->50965 50966 10011090 28 API calls 50956->50966 50957->50956 50959 1001284a ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 
50957->50959 50959->50960 50962 10012878 50959->50962 50960->50951 50967 10011d70 39 API calls 50962->50967 50964->50956 50965->50956 50966->50956 50967->50960 50968->50900 50970 10010413 ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I 50969->50970 50971 100103df 50969->50971 50973 10010460 ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI 50970->50973 50974 1001042e 50970->50974 50972 100103e0 ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@ ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I 50971->50972 50972->50970 50972->50972 50976 1001047b 50973->50976 50977 100104ad ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI 50973->50977 50975 10010430 ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@ ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I 50974->50975 50975->50973 50975->50975 50978 10010480 ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI 50976->50978 50979 100104f5 6 API calls 50977->50979 50980 100104c8 ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI 50977->50980 50978->50977 50978->50978 50979->50903 50980->50979 50980->50980 50981->50905 50982->50907 50984 10011770 50983->50984 51005 100118af 50983->51005 50985 10011787 50984->50985 50986 10011797 50984->50986 51008 10003cd0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??3@YAXPAX 50985->51008 50989 10011803 50986->50989 50990 100117ae 50986->50990 50988 1001178e 50988->50910 50993 10011861 50989->50993 50994 10011817 50989->50994 51009 100106e0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 50990->51009 50992 
100117bb 51010 100039f0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50992->51010 50996 1001187d 50993->50996 51013 100039f0 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 50993->51013 51011 100106e0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 50994->51011 51014 10010760 7 API calls 50996->51014 50997 100117ca 50997->50910 51000 10011871 ??3@YAXPAX 51000->50996 51002 1001183e 51012 10010c50 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ 51002->51012 51003 10011898 51003->51005 51015 10010e70 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ 51003->51015 51005->50910 51006 10011852 51006->50910 51008->50988 51009->50992 51010->50997 51011->51002 51012->51006 51013->51000 51014->51003 51015->51005 51033 1001a4e3 51016->51033 51018 10007a3a ObtainUserAgentString 51019 10007a74 51018->51019 51020 10007a4e 51018->51020 51022 10007ac2 51019->51022 51023 10007a78 MultiByteToWideChar 51019->51023 51020->51019 51021 10007a55 ??_V@YAXPAX 51020->51021 51024 1001a4e3 51021->51024 51026 10007ac6 ??_V@YAXPAX 51022->51026 51027 10007acf 51022->51027 51023->51022 51025 10007a8d 51023->51025 51030 10007a64 ObtainUserAgentString 51024->51030 51031 10007a97 MultiByteToWideChar 51025->51031 51026->51027 51028 10007ad3 ??_V@YAXPAX 51027->51028 51029 10007adc 51027->51029 51028->51029 51029->50923 51029->50924 51030->51019 51031->51022 51032 10007ab1 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG 51031->51032 51032->51022 51035 100082a0 51034->51035 51036 100082f5 ??1CAutoLock@@QAE 51035->51036 51037 100082d0 memmove 51035->51037 51038 100082ae ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ??3@YAXPAX 51035->51038 51036->50932 51037->51035 51038->51037 51040 10016862 51039->51040 51041 10016889 51040->51041 51046 100168b9 51040->51046 
51055 10010660 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0exception@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ _CxxThrowException 51040->51055 51043 1001a4be 3 API calls 51041->51043 51044 10016894 51043->51044 51056 10016790 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ 51044->51056 51046->50934 51048 100078ad 51047->51048 51049 1000779b 51047->51049 51048->50941 51050 10007800 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@ InternetCrackUrlW 51049->51050 51051 10007857 6 API calls 51050->51051 51052 10007828 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG 51050->51052 51051->50941 51052->51051 51053->50943 51054->50929 51056->51046 51058 10015ed3 swprintf CreateEventW 51057->51058 51059 10015eb7 WaitForSingleObject ResetEvent 51057->51059 51067 10015ba0 ?GetCurrentSystemDateTimeInFileTimeFormat@@YGHAAU_FILETIME@@ __aulldiv 51058->51067 51059->51058 51060 10016040 51059->51060 51062 10015f16 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?UnicodeToAscii@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@I ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ ?IsInternetAvailable@CInternetAvailability@@QAEHPADH ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 51064 10015f8b ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?UnicodeToAscii@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@I ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ ?NotifyForInternetConnection@CInternetAvailability@@QAEHIIPAVCInternetAvailabilityNotification@@PADPAXH 51062->51064 51065 10015fda 
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ?UnicodeToAscii@@YG?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@I ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ ?NotifyForInternetConnection@CInternetAvailability@@QAEHIIPAVCInternetAvailabilityNotification@@PADPAXH 51062->51065 51066 1001602f ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 51064->51066 51065->51066 51066->51060 51067->51062 51068 4811f0 ??0CAutoLock@@QAE@ABVCLockable@@ 51069 481284 51068->51069 51070 481244 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrIllegalArgumentException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ 51068->51070 51071 4812cf 51069->51071 51072 48128f ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrIllegalArgumentException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ 51069->51072 51073 481275 _CxxThrowException 51070->51073 51082 7b2c70 51071->51082 51074 4812c0 _CxxThrowException 51072->51074 51073->51069 51074->51071 51076 481360 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@ 51078 481383 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 51076->51078 51077 4812f2 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG ??0CErrFileException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0HJ ??0CErrFileException@@QAE@ABV0@ _CxxThrowException 51077->51076 51079 485627 2 API calls 51078->51079 51080 4813b8 51079->51080 51083 7b2ca2 wcslen 51082->51083 51085 4812ee 51082->51085 51084 7b2cb0 GetFileAttributesW 51083->51084 51083->51085 51084->51085 51085->51076 51085->51077 51086 81dc3a 51087 81dc44 ReleaseSemaphore 51086->51087 51088 81ddf6 51086->51088 51089 81c41c 11 API 
calls 51087->51089 51090 8044f8 11 API calls 51088->51090 51091 81dc6b 51089->51091 51092 81de0b 51090->51092 51094 81dc78 7 API calls 51091->51094 51093 8044f8 11 API calls 51092->51093 51095 81de13 51093->51095 51098 81dcfb 51094->51098 51096 81ddac 51106 8053ec 13 API calls 51096->51106 51098->51096 51100 81dd19 SetEvent WaitForSingleObject TerminateThread CloseHandle CloseHandle 51098->51100 51103 8044f8 11 API calls 51098->51103 51099 81ddbd CloseHandle CloseHandle DeleteCriticalSection 51102 8044f8 11 API calls 51099->51102 51100->51098 51101 81dd95 LocalFree 51100->51101 51101->51098 51104 81dde9 LocalFree 51102->51104 51105 81dd83 LocalFree 51103->51105 51104->51088 51105->51101 51106->51099 51107 7bc140 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE ?GetCSIDLFromString@@YGHPBGPAH 51108 7bc18d SHGetFolderPathW 51107->51108 51110 7bc1a7 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG 51107->51110 51109 7bc1bd ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@ ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE 51108->51109 51108->51110 51110->51109

Control-flow Graph

APIs
• ??0CWinOsInfo@@QAE@XZ.MGCOMMON ref: 007B66C5
  • Part of subcall function 007CC530: GetVersionExW.KERNEL32(?,?,?,?,007B66CA), ref: 007CC550
• ?IsVistaOrLater@CWinOsInfo@@QBE_NXZ.MGCOMMON ref: 007B66DD
• InitializeSecurityDescriptor.ADVAPI32 ref: 007B672C
• SetSecurityDescriptorDacl.ADVAPI32(00000001,00000001,00000000,00000000), ref: 007B6743
• ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NW;;;LW),00000001,?,00000000), ref: 007B676E
• GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 007B6790
• SetSecurityDescriptorSacl.ADVAPI32(00000001,00000001,?,00000000), ref: 007B67AB
• CreateMutexW.KERNEL32(0000000C,00000000,?), ref: 007B67C7
• CreateMutexW.KERNEL32(00000000,00000000,?), ref: 007B67DF
• GetLastError.KERNEL32 ref: 007B67E4
• InitializeSecurityDescriptor.ADVAPI32 ref: 007B6813
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 007B6826
• CreateMutexW.KERNEL32(0000000C,00000000,?), ref: 007B683F
• GetLastError.KERNEL32 ref: 007B6844
• GetLastError.KERNEL32 ref: 007B6852
• wsprintfW.USER32 ref: 007B6866
• ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 007B687D
• ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 007B6887
• ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 007B68A4
• _CxxThrowException.MSVCR71(dt},007DC070), ref: 007B68B4
• ??1CWinOsInfo@@UAE@XZ.MGCOMMON ref: 007B68C8
Strings
Memory Dump Source
• Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
Similarity
• API ID: DescriptorSecurity$CreateErrorG@std@@Info@@LastMutexU?$char_traits@V?$allocator@$??0?$basic_string@DaclG@2@@std@@InitializeSacl$ConvertExceptionException@@G@2@@std@@@Later@StringThrowV01@@V?$basic_string@VersionVistawsprintf
• String ID: CMutex::Constructor, GetLastError=%d$S:(ML;;NW;;;LW)$dt}
• API String ID: 3739819402-3072482169
• Opcode ID: 078df22e3cbf30f20fbc72d1e5bb427c8e0e2cd5ca0d2644512501bde70c4007
• Instruction ID: bf0f86bb798c574cc3598a901b08a108359ef6a6bc80b2b8dec8cf7e85c49407
• Opcode Fuzzy Hash: 078df22e3cbf30f20fbc72d1e5bb427c8e0e2cd5ca0d2644512501bde70c4007
• Instruction Fuzzy Hash: 5B514EB1509341EFD314DF64D884AABBBF9FB88704F448D2EF58982290E778D944CB56
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,0081DB46), ref: 0081D6A3
                                                                                                                                                                                                                  • Part of subcall function 0080D11C: IsBadReadPtr.KERNEL32(00000000,00000000), ref: 0080D14C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000000,0081DB46), ref: 0081DB1B
                                                                                                                                                                                                                  • Part of subcall function 0080D7FC: GetVersion.KERNEL32(0081DEE4), ref: 0080D80B
                                                                                                                                                                                                                  • Part of subcall function 0080D7FC: GetVersionExW.KERNEL32(?,0081DEE4), ref: 0080D82D
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,0081DB46), ref: 0081D70B
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D7D9
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D7FF
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,000F001F,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D82B
                                                                                                                                                                                                                • NtConnectPort.NTDLL(?,000000F0,?,?,?,00000000,?,00000104), ref: 0081D8A2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0081D8B0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0081D8C0
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 0081D8F8
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D97F
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D99B
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002,00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D9A9
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,?,00000000,00000000,?,00000000,?,00000000,00000000,00000002,00100040,00000000,?,00000000), ref: 0081D9D1
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,?,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0081D9FE
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?,?,00000004,?,00000000,00000000), ref: 0081DA20
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?), ref: 0081DA42
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,00000004,00000000,?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?), ref: 0081DA66
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000004,?,00000000,00000000,?,00000000,?,00000000,00000000,00000002,00100040,00000000,?), ref: 0081DA8B
                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081DA94
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081DA9D
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000000,00000000,0081DB46), ref: 0081DB01
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$Handle$CloseWrite$Process$CurrentErrorLastOpenVersionView$ConnectCreateDuplicateMappingMutexPortReadReleaseUnmap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4145780775-0
                                                                                                                                                                                                                • Opcode ID: d64bda629a6cfe6a8a9a904c452e4d4da598288fd14db0cfa73752f9a7a24151
                                                                                                                                                                                                                • Instruction ID: aff6c5e994f270a3124a9b8be026fd7965444aa434f2835d88b4d48e7bda0ab4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d64bda629a6cfe6a8a9a904c452e4d4da598288fd14db0cfa73752f9a7a24151
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59E1EA71A043199BEB60DF68CC85BEEB7B8FF09300F5045A5E918E7281DB749A85CF61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000200), ref: 0081C9A1
                                                                                                                                                                                                                • NtReplyWaitReceivePort.NTDLL(?,00000000,00000000,00000024), ref: 0081C9B7
                                                                                                                                                                                                                • NtAcceptConnectPort.NTDLL(?,00000000,00000024,00000000,00000000,00000000), ref: 0081CA02
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0081CA09
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0081CA13
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000018), ref: 0081CA23
                                                                                                                                                                                                                • NtAcceptConnectPort.NTDLL(?,00000000,00000024,00000001,00000000,?), ref: 0081CA5A
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 0081CA9A
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000040,?), ref: 0081CAD0
                                                                                                                                                                                                                • NtCompleteConnectPort.NTDLL(?), ref: 0081CADC
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0081CAE6
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,0000000C,?,?), ref: 0081CB1E
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,0000000C,?,?), ref: 0081CB40
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,0081CB86,?,?,0000000C,?,?), ref: 0081CB79
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0081CBCF
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Local$Port$AllocConnectFree$AcceptCriticalSection$CloseCompleteCurrentEnterEventHandleLeaveProcessReceiveReplyWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3707044477-0
                                                                                                                                                                                                                • Opcode ID: 9a3f3410594572abb1af84cc06354a54a363eb9201eaf060b2f119b8e0367fb6
                                                                                                                                                                                                                • Instruction ID: 0305566091dacc56cdc72434077b7491f2bfc1aeac9646e126f90e4a02aa7f89
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a3f3410594572abb1af84cc06354a54a363eb9201eaf060b2f119b8e0367fb6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08713DB1640208AFDB50DF68CC86FAABBE8FF09710F108555F945DB292D774E980CB61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 0081DC56
                                                                                                                                                                                                                • NtConnectPort.NTDLL(?,?,?,00000000,00000000,00000000,00000000,?), ref: 0081DC9A
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 0081DCA9
                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,00000000,?,00000064), ref: 0081DCB7
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,00000064), ref: 0081DCC3
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,?,?,00000000,?,00000064), ref: 0081DCD1
                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DCDF
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DCEB
                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DD1D
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DD30
                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,00000000,?,00000064,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DD43
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,00000064,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DD54
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,?,00000064,?,?,?,00000000,?,00000064,?,?,00000000,?), ref: 0081DD66
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00000000,?,00000064,?,?,?,00000000,?,00000064,?,?,00000000), ref: 0081DD90
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00000000,?,00000064,?,?,?,00000000,?,00000064,?,?,00000000), ref: 0081DD9F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DDC4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DDD0
                                                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(-0000001C,?,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DDDC
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,-0000001C,?,?,?,?,00000000,?,00000064,?,?,00000000,?,00000064), ref: 0081DDED
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
• Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle$FreeLocalObjectSingleTerminateThreadWait$ConnectCriticalDeleteEventPortReleaseSectionSemaphore
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1523373319-0
                                                                                                                                                                                                                • Opcode ID: 9a8f7c37dd96c5949ce5b7f406ea1374f4c13f0faf7007db3f1acaaaf958e9ae
                                                                                                                                                                                                                • Instruction ID: b13709651a20c09196f4e8d4d54aa58541ece026f17b6a13c373ca27590b94a8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a8f7c37dd96c5949ce5b7f406ea1374f4c13f0faf7007db3f1acaaaf958e9ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C551B775E006059FDB50EFACC885EAEB7B8FF09310F458451BA10EB3A2D679E9018F61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0081CD0D
                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,00000000,00000000,?,00000001), ref: 0081CD1C
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000018,?,000000FF,00000000,00000000,?,00000001), ref: 0081CD25
                                                                                                                                                                                                                • NtCreatePort.NTDLL(FFFFFFFF,00000000,00000104,0000012C,00000000), ref: 0081CD56
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000), ref: 0081CD63
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(0082394C,00000000,00000000), ref: 0081CD8A
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000048), ref: 0081CDC9
                                                                                                                                                                                                                • CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 0081CE19
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0001C98C,00000000,00000000,?), ref: 0081CE3A
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0001C668,?,00000000,00000000), ref: 0081CE5B
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(?,00000007,00000000,00000000,Function_0001C668,?,00000000,00000000,00000000,00000000,Function_0001C98C,00000000,00000000,?,00000040,00000048), ref: 0081CE72
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000007,00000001,?,00000007,00000000,00000000,Function_0001C668,?,00000000,00000000,00000000,00000000,Function_0001C98C,00000000,00000000,?), ref: 0081CE85
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,00000007,00000001,?,00000007,00000000,00000000,Function_0001C668,?,00000000,00000000,00000000,00000000,Function_0001C98C,00000000,00000000), ref: 0081CE96
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0082394C,0081CEBA,?,00000007,00000000,00000000,Function_0001C668,?,00000000,00000000,00000000,00000000,Function_0001C98C,00000000,00000000,?), ref: 0081CEAD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateThread$CriticalLocalSection$AllocDescriptorInitializePrioritySecurity$DaclEnterFreeLeavePortSemaphore
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 553606569-0
                                                                                                                                                                                                                • Opcode ID: 9fdd953b7d56ac7af386ea97af5dfe921849c2c554c3b63b2af311ea27463f92
                                                                                                                                                                                                                • Instruction ID: 5d44165c69352a78832e009dfe3a6382a8fb59b77a18484569dcea5a17cbf34c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9fdd953b7d56ac7af386ea97af5dfe921849c2c554c3b63b2af311ea27463f92
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14515B70A41304AFD750EF98DC82F9ABBA4FB4A710F108555F604AB3D6D7B4EA818B91
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,0081DB46), ref: 0081D6A3
                                                                                                                                                                                                                  • Part of subcall function 0080D11C: IsBadReadPtr.KERNEL32(00000000,00000000), ref: 0080D14C
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000000,0081DB46), ref: 0081DB1B
                                                                                                                                                                                                                  • Part of subcall function 0080D7FC: GetVersion.KERNEL32(0081DEE4), ref: 0080D80B
                                                                                                                                                                                                                  • Part of subcall function 0080D7FC: GetVersionExW.KERNEL32(?,0081DEE4), ref: 0080D82D
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,0081DB46), ref: 0081D70B
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D7D9
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D7FF
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,000F001F,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,000000F0,00000000), ref: 0081D82B
                                                                                                                                                                                                                • NtConnectPort.NTDLL(?,000000F0,?,?,?,00000000,?,00000104), ref: 0081D8A2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0081D8B0
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0081D8C0
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 0081D8F8
                                                                                                                                                                                                                • OpenProcess.KERNEL32(00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D97F
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D99B
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002,00100040,00000000,?,00000000,?,00000000,00000000,00000000,0081DB46), ref: 0081D9A9
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,?,00000000,00000000,?,00000000,?,00000000,00000000,00000002,00100040,00000000,?,00000000), ref: 0081D9D1
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,?,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0081D9FE
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?,?,00000004,?,00000000,00000000), ref: 0081DA20
                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?,?,00000004,00000004,00000000,?), ref: 0081DA42
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000000,00000000,0081DB46), ref: 0081DB01
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$HandleProcessWrite$Close$CurrentErrorLastOpenVersionView$ConnectCreateDuplicateMappingPortReadUnmap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2042162577-0
                                                                                                                                                                                                                • Opcode ID: 0db856f7c7e3b176d1fd5836d7ba900920b7d1d77492aa69ca3d58d91b52b134
                                                                                                                                                                                                                • Instruction ID: 314e396f6dc67ec4e3aa904bd35411b87e1d5ddd80a7807807bcf52f1c0326aa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0db856f7c7e3b176d1fd5836d7ba900920b7d1d77492aa69ca3d58d91b52b134
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B911770A042199BDB60EF68CC85BDEB7B8FF49300F5045A6E908E7291DB349A85CF61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000000,0081E332), ref: 0081E184
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,0081E332), ref: 0081E18A
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1B8
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1CF
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,00000000,00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000), ref: 0081E1E7
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E210
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E243
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E276
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,TokenIntegrityLevel,00000000,00000000), ref: 0081E2EE
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,TokenIntegrityLevel,00000000,00000000,00000000,00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310), ref: 0081E2F4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,0081E317,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E30A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$LookupPrivilegeValue$InformationLocalProcess$AdjustAllocCloseCurrentFreeHandleOpenPrivileges
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4050356984-0
                                                                                                                                                                                                                • Opcode ID: 9aba3c8a5a1a8824745a540cbc888fd9656881b234d359c0e65e3eaaf8f9a7ea
                                                                                                                                                                                                                • Instruction ID: c13c829b2681a62bfa91c7c6cfc865791a47c7c3b798fd8697d0f9e971a68050
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9aba3c8a5a1a8824745a540cbc888fd9656881b234d359c0e65e3eaaf8f9a7ea
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3513C71A00209AFDB51DBA8CC96FEEBBBCFF08314F104565FA00EB281D775A9558B61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000000,0081E332), ref: 0081E184
                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,0081E332), ref: 0081E18A
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1B8
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1CF
                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,00000000,00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000), ref: 0081E1E7
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E210
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E243
                                                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E276
                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,TokenIntegrityLevel,00000000,00000000), ref: 0081E2EE
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,TokenIntegrityLevel,00000000,00000000,00000000,00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310), ref: 0081E2F4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,0081E317,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E30A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$LookupPrivilegeValue$InformationLocalProcess$AdjustAllocCloseCurrentFreeHandleOpenPrivileges
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4050356984-0
                                                                                                                                                                                                                • Opcode ID: f6222e09f93ec1d4fc642946200208f765e4050cb6dc5c4bc90516c69d0630ad
                                                                                                                                                                                                                • Instruction ID: bd29b24f7dd9406d8135a6c0167aa61ef4ef1198fe4c48dcefff3d8debce6a0a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6222e09f93ec1d4fc642946200208f765e4050cb6dc5c4bc90516c69d0630ad
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13511771A00209AFEB51DBA8CC92FEEB7BCFF48314F504465FA00E7281D775AA548B61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 0 4069c0-406a14 ?GetEnumSubKeysNames@@YAHAAVCRegKey@ATL@@AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z 1 406a16-406a18 0->1 2 406a1a-406a2f 0->2 3 406a31-406a33 1->3 2->3 4 407237-407244 3->4 5 406a39-406a49 3->5 6 407246-407248 4->6 7 40726c-407289 4->7 8 406a50-406aaf ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ RegOpenKeyExW 5->8 9 407263-407269 ??3@YAXPAX@Z 6->9 10 40724a 6->10 11 4071f0-407208 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 8->11 12 406ab5-406abd 8->12 9->7 13 407250-40725d ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 10->13 14 407215-407229 11->14 15 40720a-407211 RegCloseKey 11->15 16 406ac6-406ad0 12->16 17 406abf-406ac0 RegCloseKey 12->17 13->13 20 40725f 13->20 14->8 18 40722f-407233 14->18 15->14 16->11 19 406ad6-406ade 16->19 17->16 18->4 21 406ae4-406ae5 19->21 22 406cb5-406d32 call 403210 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z ?GetStringValue@@YAHAAVCRegKey@ATL@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV34@@Z ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z 19->22 20->9 21->11 23 406aeb-406c61 call 403210 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z 
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ?GetValuesFromRegistry@@YAHAAVCRegKey@ATL@@AAUtagREGISTRY_DATA@@@Z 21->23 28 406ef8-406f09 ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z 22->28 29 406d38-406ef3 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z 22->29 68 406c80-406cb0 call 403d90 ??3@YAXPAX@Z 23->68 69 406c63-406c7b call 406890 23->69 30 407037-407048 ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z 28->30 31 406f0f-407032 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z 28->31 74 407171-40718f ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ?GetValuesFromRegistry@@YAHAAVCRegKey@ATL@@AAUtagREGISTRY_DATA@@@Z 29->74 37 4071ab-4071e9 ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ call 403d90 ??3@YAXPAX@Z 30->37 38 40704e-40716a ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z 
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z call 4060a0 ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z 30->38 31->74 53 4071ed 37->53 38->74 53->11 68->53 69->68 74->37 78 407191-4071a6 call 406890 74->78 78->37
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?GetEnumSubKeysNames@@YAHAAVCRegKey@ATL@@AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z.MGCOMMON(?,?,?,00000000,?,75A8E9B0), ref: 00406A01
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406A60
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 00406A7D
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 00406A90
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,00000000,00000000,00020019,?), ref: 00406AA7
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00406AC0
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyParent), ref: 00406B28
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406B4E
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406B63
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyName), ref: 00406B75
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406B9B
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406BB0
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406BE8
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406BFD
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CheckIfRunning), ref: 00406C0F
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406C35
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406C4A
                                                                                                                                                                                                                • ?GetValuesFromRegistry@@YAHAAVCRegKey@ATL@@AAUtagREGISTRY_DATA@@@Z.MGCOMMON(?,?), ref: 00406C5A
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 00406CA3
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406CEA
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Type), ref: 00406D0A
                                                                                                                                                                                                                • ?GetStringValue@@YAHAAVCRegKey@ATL@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV34@@Z.MGCOMMON(?), ref: 00406D15
                                                                                                                                                                                                                • ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP71(00000002,Registry), ref: 00406D2B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Type), ref: 00406D44
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71 ref: 00406D6A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406D7E
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CheckIfRunning), ref: 00406D90
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406DB6
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406DCA
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyParent), ref: 00406DDC
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406E02
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406E16
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyName), ref: 00406E28
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406E4E
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406E62
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(ValueName), ref: 00406E74
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406E9A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406EAE
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(FileName), ref: 00406EC0
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406EE6
                                                                                                                                                                                                                • ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP71(?,File), ref: 00406F02
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Type), ref: 00406F1B
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71 ref: 00406F41
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406F55
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CheckIfRunning), ref: 00406F67
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406F8D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406FA1
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(FileWithPath), ref: 00406FB3
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00406FD9
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406FED
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(ShellFolderCode), ref: 00406FFF
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,00409670), ref: 00407025
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(ValueName), ref: 00406BC2
                                                                                                                                                                                                                  • Part of subcall function 004060A0: ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP71(?,?,?,007B9DB0,7C3D2D65,00000000), ref: 004060D3
                                                                                                                                                                                                                  • Part of subcall function 004060A0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,007B9DB0,7C3D2D65,00000000), ref: 004060E4
                                                                                                                                                                                                                  • Part of subcall function 004060A0: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,00000000), ref: 0040612C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00407178
                                                                                                                                                                                                                • ?GetValuesFromRegistry@@YAHAAVCRegKey@ATL@@AAUtagREGISTRY_DATA@@@Z.MGCOMMON(?,?), ref: 00407188
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 004071B7
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 004071E0
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 004071FC
                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?), ref: 0040720B
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00407252
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 00407264
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@$??1?$basic_string@$??4?$basic_string@V01@$V?$basic_string@$Key@$??3@G@1@@std@@$??$?8A@@@CloseFromG@2@@0@Registry@@UtagValues$??$??c_str@?$basic_string@EnumG@2@@0@0@G@2@@std@@@2@@std@@@KeysNames@@OpenStringV01@@V34@@V?$vector@Value@@
                                                                                                                                                                                                                • String ID: CheckIfRunning$File$FileName$FileWithPath$KeyName$KeyParent$Registry$ShellFolderCode$ShellLink$Type$ValueName
                                                                                                                                                                                                                • API String ID: 1253805253-3831455781
                                                                                                                                                                                                                • Opcode ID: a36e6ac2ff4439129e9d115eb1bb7f1b30a529e9073633a15b0ccd6b122fd821
                                                                                                                                                                                                                • Instruction ID: 5ddedad84dcf49cdd6f9395967791a853e1a68f6f41c73a7897fcb8fbcebf662
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a36e6ac2ff4439129e9d115eb1bb7f1b30a529e9073633a15b0ccd6b122fd821
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10327E355083819FC764DF64C998B9FBBE4BF94304F04492DF58A632A2DB789908CB67
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(00000000,00000000,00000004), ref: 1001260C
                                                                                                                                                                                                                • _IsFileExist@4.MGCOMMON(00000000), ref: 10012613
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Automatic update File not exists!), ref: 1001262A
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10012633
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10012647
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10012659
                                                                                                                                                                                                                • ??0CXmlDocument@@QAE@XZ.MGXML_WRAPPER(?,1002A55C), ref: 10012661
                                                                                                                                                                                                                • ?initFromFile@CXmlDocument@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(00000004), ref: 10012677
                                                                                                                                                                                                                • ?getDocumentRoot@CXmlDocument@@QAE?AVCXmlNode@@XZ.MGXML_WRAPPER(?), ref: 1001268B
                                                                                                                                                                                                                • ?isNull@CXmlNode@@QAE_NXZ.MGXML_WRAPPER ref: 10012694
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(AutoUpdate analysis error. Could not obtain the AutoUpdate child.), ref: 100126AB
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100126B4
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 100126C5
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,100298A8), ref: 100126D7
                                                                                                                                                                                                                • ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 100126F0
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,10038464), ref: 10012702
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012716
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(AutoUpdate analysis error. The AutoUpdate does not exists.), ref: 1001272D
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10012736
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10012747
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,100298A8), ref: 10012759
                                                                                                                                                                                                                • ?getFirstChild@CXmlNode@@QAE?AV1@XZ.MGXML_WRAPPER(?), ref: 10012770
                                                                                                                                                                                                                • ?isNull@CXmlNode@@QAE_NXZ.MGXML_WRAPPER ref: 10012779
                                                                                                                                                                                                                • ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10012791
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,10038480), ref: 1001279D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100127B1
                                                                                                                                                                                                                • ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 100127D6
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,1003849C), ref: 100127E2
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100127F6
                                                                                                                                                                                                                • ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10012815
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,100384B8), ref: 10012821
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012832
                                                                                                                                                                                                                • ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10012851
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,10038624), ref: 1001285D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001286E
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?getFirstChild@CXmlNode@@QAE?AV1@XZ.MGXML_WRAPPER(00000000,004D13E0,007BD610,00000001), ref: 10011DA7
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?isNull@CXmlNode@@QAE_NXZ.MGXML_WRAPPER ref: 10011DB3
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10011DCB
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,10038640), ref: 10011DE1
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10011DF5
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?getElementAttributes@CXmlNode@@QAE?AV?$list@VCXmlNode@@V?$allocator@VCXmlNode@@@std@@@std@@XZ.MGXML_WRAPPER(?), ref: 10011E0A
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10011E1C
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10011E45
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10011E52
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?getNodeValue@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 10011E65
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000), ref: 10011E73
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10011E83
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(?,1003865C), ref: 10011E9C
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 10011EA8
                                                                                                                                                                                                                  • Part of subcall function 10011D70: _wtoi.MSVCR71 ref: 10011EAF
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10011EE6
                                                                                                                                                                                                                  • Part of subcall function 10011D70: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10011EF6
                                                                                                                                                                                                                • ?getNextSibling@CXmlNode@@QAE?AV1@XZ.MGXML_WRAPPER(?), ref: 1001288E
                                                                                                                                                                                                                • ??1CXmlDocument@@QAE@XZ.MGXML_WRAPPER ref: 100128AE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • AutoUpdate analysis error. The AutoUpdate does not exists., xrefs: 10012728
                                                                                                                                                                                                                • AutoUpdate analysis error. Could not obtain the AutoUpdate child., xrefs: 100126A6
                                                                                                                                                                                                                • Automatic update File not exists!, xrefs: 10012625
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$V?$basic_string@$Node@@$?get$??1?$basic_string@$Node$Cmpi@@G@2@@std@@0@Name@String$Exception@@$??0?$basic_string@$Document@@FormatG@2@@std@@@Message$ExceptionNull@ThrowV0@@$?c_str@?$basic_string@Child@First$??4?$basic_string@?initAttributes@DocumentElementExist@4FileFile@FromNextNode@@@std@@@std@@Root@Sibling@V01@V01@@V?$list@Value@_wtoi
                                                                                                                                                                                                                • String ID: AutoUpdate analysis error. Could not obtain the AutoUpdate child.$AutoUpdate analysis error. The AutoUpdate does not exists.$Automatic update File not exists!
                                                                                                                                                                                                                • API String ID: 206636447-3293158408
                                                                                                                                                                                                                • Opcode ID: fb4758b8680c762aae276f584237ee1a287e833e049009aab8ae8d6a75bf118a
                                                                                                                                                                                                                • Instruction ID: 665509f1e99ad5e825d65eb00c2c580fd5dce2358717b81a18d97a7ead498175
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb4758b8680c762aae276f584237ee1a287e833e049009aab8ae8d6a75bf118a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC918F72D01259DFDB04DBE4CD98BEEBBB8EF18300F208199E546A7180EB345B49DB61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E35
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E51
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E7A
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E8F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016EA4
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not load the configuration data.), ref: 10016F1E
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10016F27
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10016F38
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10016F4A
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not create AutoUpdate Dispatcher. (2)), ref: 10016FA7
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10016FB0
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10016FC1
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10016FD3
                                                                                                                                                                                                                • ??0CInternetAvailability@@QAE@XZ.MGCOMMUNICATION(00000004), ref: 10016FFE
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000004), ref: 10017020
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,00000000,00000000,00000004), ref: 10012A16
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A46
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A58
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A6A
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A7F
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.ConfigFiles.AutoUpdateConfigFilePath), ref: 10012AAA
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG ref: 10012AB4
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 10012ABC
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z.MGCONFIG(?), ref: 10012ACC
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000), ref: 10012AD9
                                                                                                                                                                                                                  • Part of subcall function 100129E0: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012AE6
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not create Initialize Thread Event), ref: 10017066
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 1001706F
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10017080
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017092
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 1001709C
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 100170AD
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not create Initialize Thread Event), ref: 100170F3
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100170FC
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 1001710A
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017119
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,10015E80,00000000,00000000,?), ref: 1001712B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 10017144
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 10017155
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not create Initialize Thread), ref: 1001719B
                                                                                                                                                                                                                • ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100171A4
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 100171B5
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 100171C7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Could not create AutoUpdate Dispatcher. (2), xrefs: 10016FA2
                                                                                                                                                                                                                • Could not create Initialize Thread, xrefs: 10017196
                                                                                                                                                                                                                • Could not load the configuration data., xrefs: 10016F19
                                                                                                                                                                                                                • Could not create Initialize Thread Event, xrefs: 10017061, 100170EE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??0?$basic_string@$Exception@@$V?$basic_string@$ExceptionG@2@@std@@@ThrowV0@@$?getCloseConfigCreateHandle$Config@@EventManager@@$??1?$basic_string@??4?$basic_string@Availability@@Config@DefaultInternetManager@PropertyStringThreadV01@V01@@V23@@malloc
                                                                                                                                                                                                                • String ID: Could not create AutoUpdate Dispatcher. (2)$Could not create Initialize Thread$Could not create Initialize Thread Event$Could not load the configuration data.
                                                                                                                                                                                                                • API String ID: 365295989-3381815934
                                                                                                                                                                                                                • Opcode ID: 212a154d75e4b9aeffd35f7660bcb5a407cac1f18bc4006d5fef94fb1add48d5
                                                                                                                                                                                                                • Instruction ID: 7aeda80fe6c2e1fd859124a64d629cd1339fee68adbbc815f45a809285babf1b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 212a154d75e4b9aeffd35f7660bcb5a407cac1f18bc4006d5fef94fb1add48d5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0CD19070900B44DFD720DFA9CC88A9ABBF5FF99300F60455DE18B8B651DBB1AA84CB51
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CCriticalSec@@QAE@XZ.MGCOMMON ref: 004850CF
                                                                                                                                                                                                                • ??0CRegistrySupp@@QAE@PAUHKEY__@@@Z.MGCOMMON ref: 004850EC
                                                                                                                                                                                                                • ?GetRegValue@CRegistrySupp@@QAEKPAGPBG11@Z.MGCOMMON(?,021E0000,021E0000,00000000), ref: 00485137
                                                                                                                                                                                                                • ??0CRegistrySupp@@QAE@PAUHKEY__@@@Z.MGCOMMON(80000001), ref: 0048514D
                                                                                                                                                                                                                • ?GetRegValue@CRegistrySupp@@QAEKPAGPBG11@Z.MGCOMMON(?,021E0000,021E0000,00000000), ref: 00485196
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not find installation directory.,?,?,?,80000002), ref: 004851AA
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON(?,?,?,80000002), ref: 004851B4
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 004851C7
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,004883F0), ref: 004851D7
                                                                                                                                                                                                                • ??1CRegistrySupp@@QAE@XZ.MGCOMMON(?,004883F0), ref: 004851EB
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 004851FF
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 0048521B
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 0048522F
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?), ref: 0048524B
                                                                                                                                                                                                                • ?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z.MSVCP71(0048732C), ref: 0048525B
                                                                                                                                                                                                                • ?GetRegValue@CRegistrySupp@@QAEKPAGPBG11@Z.MGCOMMON(?,00610000,021E0000,00000000), ref: 004852AD
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not find application data directory.), ref: 004852C5
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 004852CF
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 004852E2
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,004883F0), ref: 004852F2
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 004852FF
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 0048531B
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 0048532F
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?), ref: 0048534B
                                                                                                                                                                                                                • ?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z.MSVCP71(0048732C), ref: 0048535B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 004853A8
                                                                                                                                                                                                                • ?createConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCONFIG ref: 004853B8
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 004853CB
                                                                                                                                                                                                                • ??1CRegistrySupp@@QAE@XZ.MGCOMMON ref: 004853E1
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892930100.0000000000481000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00480000, based on PE: true
• Associated: 00000007.00000002.1892906598.0000000000480000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1892951827.0000000000487000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1892982403.000000000048B000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1893010257.000000000048C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_480000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$RegistrySupp@@$wcslen$Exception@@Runtime$??0?$basic_string@G11@V?$basic_string@Value@$??4?$basic_string@?append@?$basic_string@ExceptionG@2@@std@@@ThrowV01@V0@@V12@Y__@@@$??1?$basic_string@?createConfigConfig@Config@@CriticalG@2@@std@@0@Manager@@Sec@@V01@@
                                                                                                                                                                                                                • String ID: .xml$Could not find application data directory.$Could not find installation directory.${{
                                                                                                                                                                                                                • API String ID: 2418492649-2215119730
                                                                                                                                                                                                                • Opcode ID: b98958f18ef48569b8f032b4eb3f466824fc16e0153f16dd7fb67cf89afd5f06
                                                                                                                                                                                                                • Instruction ID: 73659b63c9c545c7ba802ab0e466bc83113c62e2132d2d99e9d402c1281bade5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b98958f18ef48569b8f032b4eb3f466824fc16e0153f16dd7fb67cf89afd5f06
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69A1A7715083418FC724EF68DC58B9FB7E9EB94300F104D6EE99A83291DF759448CBAA
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CAutoLock@@QAE@ABVCLockable@@@Z.MGCOMMON ref: 0048122F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Can't replace the file name for a default Config object.,?,?,?,?,?,?), ref: 00481252
                                                                                                                                                                                                                • ??0CErrIllegalArgumentException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON(?,?,?,?,?,?), ref: 0048125C
                                                                                                                                                                                                                • ??0CErrIllegalArgumentException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 0048126F
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,00487990), ref: 0048127F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Can't set an empty file name.,?,?,?,?,?,?), ref: 0048129D
                                                                                                                                                                                                                • ??0CErrIllegalArgumentException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON(?,?,?,?,?,?), ref: 004812A7
                                                                                                                                                                                                                • ??0CErrIllegalArgumentException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 004812BA
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,00487990), ref: 004812CA
                                                                                                                                                                                                                • _IsFileExist@4.MGCOMMON(?), ref: 004812E8
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?), ref: 00481307
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71 ref: 00481323
                                                                                                                                                                                                                • ??0CErrFileException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0HJ@Z.MGCOMMON ref: 00481338
                                                                                                                                                                                                                • ??0CErrFileException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 0048134B
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,00487980), ref: 0048135B
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 0048136B
                                                                                                                                                                                                                • ??1CAutoLock@@QAE@XZ.MGCOMMON ref: 0048137D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00481395
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892930100.0000000000481000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00480000, based on PE: true
• Associated: 00000007.00000002.1892906598.0000000000480000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1892951827.0000000000487000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1892982403.000000000048B000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000007.00000002.1893010257.000000000048C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_480000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$Exception@@G@2@@std@@$??0?$basic_string@ArgumentIllegal$ExceptionFileThrowV0@@V?$basic_string@$AutoG@2@@std@@@Lock@@V01@@$??1?$basic_string@??4?$basic_string@Exist@4G@2@@std@@0Lockable@@@V01@
                                                                                                                                                                                                                • String ID: j{$Can't replace the file name for a default Config object.$Can't set an empty file name.$File does not exist$p&{$p,{
                                                                                                                                                                                                                • API String ID: 2381368864-1580680342
                                                                                                                                                                                                                • Opcode ID: 2c4102cbfda6f0df37a33fc9c7ff79d634271ee6a2b4b42fdef84e633313d0f4
                                                                                                                                                                                                                • Instruction ID: 35cce47d07b2874cbcdfea014fe6ca61abf0b1b916b981195130c314bd215de0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c4102cbfda6f0df37a33fc9c7ff79d634271ee6a2b4b42fdef84e633313d0f4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE41607110C381DFC324EF64D859B9EBBE4BB99700F108E5EF59A92291DB749408CB6B
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                • ??0CCriticalSec@@QAE@XZ.MGCOMMON ref: 10018CCD
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMAutoUpdateLogger,?,?,?,?,?,?,00000001), ref: 10018CF3
                                                                                                                                                                                                                • ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG(?,?,?,?,?,?,00000001), ref: 10018D1B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 10018D30
                                                                                                                                                                                                                • ?configExists@CConfigManager@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 10018D38
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.ConfigFiles.SweetIMAppConfigFilePath), ref: 10018D4F
                                                                                                                                                                                                                • ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 10018D5B
                                                                                                                                                                                                                • ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z.MGCONFIG(?), ref: 10018D6B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10018D81
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 10018D98
                                                                                                                                                                                                                • ?createConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCONFIG ref: 10018DA4
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10018DB1
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 10018DC4
                                                                                                                                                                                                                • ?getConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 10018DCC
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.AutomaticUpdate.Manager.AgentKeepAliveSec), ref: 10018DF7
                                                                                                                                                                                                                • ?getPropertyAsLong@CConfig@@QBEJV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@J@Z.MGCONFIG ref: 10018E00
                                                                                                                                                                                                                • ?GetProcessVersion@CUpdateManager@@AAEXXZ.MGUPDATESUPPORT ref: 10018E38
                                                                                                                                                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(?), ref: 10018E4A
                                                                                                                                                                                                                • ?CreateIpcQueue@CIPC@@SGHPBDP6GX0PBXK1K@Z@Z.MGHOOKING(00000000), ref: 10018E51
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: U?$char_traits@V?$allocator@$G@std@@$G@2@@std@@$??0?$basic_string@$ConfigManager@@$?getConfig@@V?$basic_string@$Config@$G@2@@std@@@Property$??1?$basic_string@?c_str@?$basic_string@?config?createCreateCriticalD@2@@std@@D@std@@DefaultExists@G@2@@std@@0@Long@Manager@ProcessQueue@Sec@@StringUpdateV01@@V23@@Version@malloc
                                                                                                                                                                                                                • String ID: Main.AutomaticUpdate.Manager.AgentKeepAliveSec$Main.ConfigFiles.SweetIMAppConfigFilePath$SweetIMApplicationConfig$SweetIMAutoUpdateLogger
                                                                                                                                                                                                                • API String ID: 1710727422-1905216937
                                                                                                                                                                                                                • Opcode ID: 796a7376587e00b30ce555a8d687a5f490ab1b9c22814e4d39753cf5f36bce9e
                                                                                                                                                                                                                • Instruction ID: a34eb4c90df5ed4b1035c1601586ad28db2805f02d9957f8c2a219a218544a87
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 796a7376587e00b30ce555a8d687a5f490ab1b9c22814e4d39753cf5f36bce9e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E614570901384EFDB10EFA9C98969EBFF1FB48300F60855EE44A97751CB74AA45CB92
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CHTTPClientAsyncHandler@@QAE@XZ.MGCOMMUNICATION(00000000,00000000,00000004), ref: 10008689
                                                                                                                                                                                                                • ??0CCriticalSec@@QAE@XZ.MGCOMMON ref: 100086C5
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Mozilla/4.0 (compatible; )), ref: 100086D7
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                • ??0CHTTPClientAsync@@QAE@XZ.MGCOMMUNICATION ref: 100086FA
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@XZ.MGCOMMON ref: 1000871D
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A56C), ref: 1000872F
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(Mozilla/4.0 (compatible; ),?), ref: 10008757
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(getUserAgentString failed), ref: 1000876A
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10008773
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10008784
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A56C), ref: 10008796
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(?), ref: 100087A2
                                                                                                                                                                                                                • wsprintfW.USER32 ref: 100087CA
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 100087DF
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100087E8
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 100087F6
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A56C), ref: 10008805
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,1002A56C), ref: 10008817
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$Exception@@Runtime$??0?$basic_string@ExceptionThrow$ClientG@2@@std@@@V0@@V?$basic_string@$??1?$basic_string@??4?$basic_string@?c_str@?$basic_string@AsyncAsync@@CriticalHandler@@Sec@@V01@mallocwsprintf
                                                                                                                                                                                                                • String ID: Could not initialize the HTTP Client. Error: %d$Mozilla/4.0 (compatible; )$getUserAgentString failed
                                                                                                                                                                                                                • API String ID: 2670075552-1324670363
                                                                                                                                                                                                                • Opcode ID: 318e4ae3f3d460adcb29a55bbc4ac1d1f50849a7d1b7bb8b2e50efa1daba1895
                                                                                                                                                                                                                • Instruction ID: f6bf1c338eb8062604ebd5fc8c97962cd2bba830abcec6f7eba3b8211b7fcd92
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 318e4ae3f3d460adcb29a55bbc4ac1d1f50849a7d1b7bb8b2e50efa1daba1895
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C516A70800668DFDB10DFA8CD88A9EBBF8FF58300F60459EE14A93651D7B4AA45CB91
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SOFTWARE\SweetIM\Messenger,00000000,00000004,00000000), ref: 00407A2B
                                                                                                                                                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(\Initialization), ref: 00407A40
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 00407A4C
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,00000000), ref: 00407A65
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(0040D174), ref: 00407A7D
                                                                                                                                                                                                                • ?GetEnumSubKeysNames@@YAHAAVCRegKey@ATL@@AAV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@@Z.MGCOMMON(0040D174,021E7960,Version,?,?), ref: 00407ACD
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00407B17
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000004), ref: 00407B2F
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 00407B3B
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(0040D174,00000000,00000000,00020019,004059FD), ref: 00407B50
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 00407B91
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(00000000), ref: 00407B9E
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?), ref: 00407BDA
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00407BF3
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(004059FD), ref: 00407BFE
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00407C28
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(0040D174), ref: 00407C40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@??1?$basic_string@?c_str@?$basic_string@Close$OpenV01@V?$basic_string@$??4?$basic_string@EnumG@2@@std@@@2@@std@@@Key@KeysNames@@V01@@V?$vector@Y?$basic_string@
                                                                                                                                                                                                                • String ID: SOFTWARE\SweetIM\Messenger$Version$\Initialization
                                                                                                                                                                                                                • API String ID: 1518601177-3319925192
                                                                                                                                                                                                                • Opcode ID: ebd1fd0a70b3730ee852dd9e9d800f79e06b67747865985da6e5121716450bb9
                                                                                                                                                                                                                • Instruction ID: b01d7532aaa47d98b6d4e78e2884e1ce303e17adeff26ef0ed9fb7f8b51affb8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebd1fd0a70b3730ee852dd9e9d800f79e06b67747865985da6e5121716450bb9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7717E70D04209DFDB15CF94C984AEEFBB8BF58300F24416AE506B3291DB742A08CF65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 310 402620-402698 call 402a70 call 407c70 315 4026a4-4026a9 310->315 316 40269a call 4059a0 310->316 318 4026c0-4026cd call 402a90 315->318 319 40269f-4026a2 316->319 322 4026ea-402713 ?getConfigManager@CConfigManager@@SAAAV1@XZ ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z ?configExists@CConfigManager@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z 318->322 323 4026cf-4026e5 ?MessageBoxInitError@@YAXH@Z 318->323 319->318 325 402715-40278a ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z ?createConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ 322->325 326 40278c-4027d7 ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z ?getConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z 322->326 324 4028a6-4028ad call 4053b0 323->324 329 4028b2-4028c4 324->329 325->326 330 402897-4028a5 326->330 331 4027dd-4027f6 call 407c70 326->331 330->324 334 4027f8-402809 ??0CUpdateManager@@QAE@XZ 331->334 335 40280b-402810 331->335 336 402827-402843 call 407c70 334->336 335->336 339 402864-402873 ?start@CUpdateAgent@@QAEXXZ 336->339 340 402845-402862 ??0CUpdateAgent@@QAE@XZ ?start@CUpdateAgent@@QAEXXZ 336->340 339->330 340->330
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00407C70: malloc.MSVCR71 ref: 00407C89
                                                                                                                                                                                                                • ?MessageBoxInitError@@YAXH@Z.MGCOMMON(000002BC,?,000000FF,0040851E,00000000,0040851E), ref: 004026D4
                                                                                                                                                                                                                • ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG(?,000000FF,0040851E,00000000,0040851E), ref: 004026EE
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 00402703
                                                                                                                                                                                                                • ?configExists@CConfigManager@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 0040270B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.ConfigFiles.SweetIMAppConfigFilePath), ref: 00402722
                                                                                                                                                                                                                • ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 0040272E
                                                                                                                                                                                                                • ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z.MGCONFIG(?), ref: 0040273E
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 00402755
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 0040276C
                                                                                                                                                                                                                • ?createConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCONFIG ref: 00402777
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00402784
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 00402799
                                                                                                                                                                                                                • ?getConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 004027A1
                                                                                                                                                                                                                • ??0CUpdateManager@@QAE@XZ.MGUPDATESUPPORT ref: 004027FA
                                                                                                                                                                                                                • ??0CUpdateAgent@@QAE@XZ.MGUPDATESUPPORT ref: 00402847
                                                                                                                                                                                                                • ?start@CUpdateAgent@@QAEXXZ.MGUPDATESUPPORT ref: 0040285C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$ConfigManager@@$??0?$basic_string@$?getConfig@@V?$basic_string@$Config@Update$Agent@@G@2@@std@@@$??1?$basic_string@?config?create?start@DefaultError@@Exists@G@2@@std@@0@InitManager@MessagePropertyStringV01@@V23@@malloc
                                                                                                                                                                                                                • String ID: -AutoStartIM$Main.ConfigFiles.SweetIMAppConfigFilePath$SweetIMApplicationConfig
                                                                                                                                                                                                                • API String ID: 73987785-1349467951
                                                                                                                                                                                                                • Opcode ID: b8bb54172af4aa5d44aa376920c366f74c3a5ee413738ae7c6f43d1cda2a6d9f
                                                                                                                                                                                                                • Instruction ID: 36eb3aab9d637a4fac9afe2c25d9bf8bd2b9dda645044c03068bfdc7c97f7acd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8bb54172af4aa5d44aa376920c366f74c3a5ee413738ae7c6f43d1cda2a6d9f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D619F70A04385EFDB14DF69864965EBBF0BF48300F14867EE446673D1DBB85A04CB5A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CMutex@@QAE@PAG@Z.MGCOMMON(00000000,74DF0A60,?,00000000), ref: 004024B6
                                                                                                                                                                                                                • ?init@CMutex@@QAEXPAG@Z.MGCOMMON(Local\{D564BB4E-74F6-4fd5-900A-313328F6DF9F},?,00000000), ref: 004024CF
                                                                                                                                                                                                                • ?IsAnotherInstanceRunning@CMutex@@QAEHXZ.MGCOMMON(?,00000000), ref: 004024D8
                                                                                                                                                                                                                • ??1CMutex@@UAE@XZ.MGCOMMON(?,00000000), ref: 004024EC
                                                                                                                                                                                                                • #17.COMCTL32(?,00000000), ref: 0040251D
                                                                                                                                                                                                                • CreateDialogParamW.USER32(?,DLG_MAIN,00000000,00401530,00000000), ref: 0040254D
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMAppLogger), ref: 00402568
                                                                                                                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004025B2
                                                                                                                                                                                                                • IsDialogMessageW.USER32(00000000,?), ref: 004025C5
                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 004025CF
                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 004025D9
                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 004025E9
                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(00000000), ref: 004025F0
                                                                                                                                                                                                                • ??1CMutex@@UAE@XZ.MGCOMMON ref: 00402600
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Mutex@@$Message$CallbackDialogDispatcherUser$??0?$basic_string@?init@AnotherCreateDispatchG@2@@std@@G@std@@InstanceParamRunning@TranslateU?$char_traits@V?$allocator@
                                                                                                                                                                                                                • String ID: -AutoStartIM$DLG_MAIN$Local\{D564BB4E-74F6-4fd5-900A-313328F6DF9F}$SweetIMAppLogger
                                                                                                                                                                                                                • API String ID: 3575969091-3177592150
                                                                                                                                                                                                                • Opcode ID: bb999c2487a112f79be8abefef08beeecc1f853b61d61bcd3c2e12e9c97ce0f1
                                                                                                                                                                                                                • Instruction ID: 68a02e7df998b29926512819b6c8b5b92c25132de0333f13bab9b808dd8f56a7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb999c2487a112f79be8abefef08beeecc1f853b61d61bcd3c2e12e9c97ce0f1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B419171A00349EBDB10EFA4DE5DB9E7B74EB08710F104169E811B73D1DBB89904CBA8
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                control_flow_graph 519 81c6e1-81c6e5 520 81c6eb-81c6f8 call 80522c 519->520 521 81c85a-81c861 519->521 527 81c6fa-81c6fb 520->527 528 81c72c-81c730 520->528 523 81c980-81c988 521->523 524 81c867-81c884 call 805224 call 80522c 521->524 539 81c88a-81c88c 524->539 540 81c94e-81c95b call 805224 524->540 530 81c6fd-81c70a 527->530 531 81c850-81c854 528->531 532 81c736-81c747 call 805224 528->532 534 81c728-81c72a 530->534 535 81c70c-81c726 SetEvent 530->535 531->520 531->521 542 81c833-81c837 532->542 543 81c74d-81c7e3 call 805224 call 8053e0 LocalAlloc CreateEventA CreateThread 532->543 534->528 534->530 535->528 544 81c897-81c8a4 539->544 545 81c88e-81c891 539->545 552 81c671-81c686 WaitForSingleObject 540->552 553 81c961-81c97b call 8053e0 540->553 542->531 547 81c839-81c84e WaitForSingleObject 542->547 563 81c7e5-81c7f5 SetThreadPriority 543->563 564 81c7f7-81c830 CloseHandle LocalFree call 8053e0 543->564 549 81c944-81c948 544->549 550 81c8aa-81c8be GetTickCount 544->550 545->544 545->549 547->521 547->531 549->539 549->540 550->549 551 81c8c4-81c941 SetEvent WaitForSingleObject CloseHandle * 2 LocalFree 550->551 551->549 552->523 556 81c68c-81c6b3 EnterCriticalSection 552->556 553->552 559 81c6c0-81c6d9 LeaveCriticalSection 556->559 560 81c6b5-81c6bd 556->560 560->559 563->542 564->542
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081C67A
                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 0081C71C
                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000014), ref: 0081C77B
                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,000000FF,00000000,00000040,00000014), ref: 0081C79F
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0001C5C0,00000000,00000000,00000014), ref: 0081C7CC
                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000000,00000000,00000000,Function_0001C5C0,00000000,00000000,00000014,00000000,00000000,000000FF,00000000,00000040,00000014), ref: 0081C7EB
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000014,00000000,00000000,Function_0001C5C0,00000000,00000000,00000014,00000000,00000000,000000FF,00000000,00000040,00000014), ref: 0081C804
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00000014,00000000,00000000,Function_0001C5C0,00000000,00000000,00000014,00000000,00000000,000000FF,00000000,00000040,00000014), ref: 0081C813
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081C842
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0081C8AA
                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 0081C8D2
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,?), ref: 0081C8E5
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000064,?), ref: 0081C8F7
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000064,?), ref: 0081C908
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00000064,?), ref: 0081C922
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseEventHandleLocalObjectSingleWait$CreateFreeThread$AllocCountPriorityTick
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3893984910-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • fseek.MSVCR71 ref: 004D2EF8
                                                                                                                                                                                                                • ftell.MSVCR71 ref: 004D2EFB
                                                                                                                                                                                                                • fseek.MSVCR71 ref: 004D2F08
                                                                                                                                                                                                                  • Part of subcall function 004D5670: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(00000000,00000000,004D4545,00000002,00000000,00000000,00000000,?), ref: 004D5690
Memory Dump Source
• Source File: 00000007.00000002.1893401256.00000000004D1000.00000020.00000001.01000000.00000016.sdmp, Offset: 004D0000, based on PE: true
• Associated: 00000007.00000002.1893380988.00000000004D0000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000007.00000002.1893424199.00000000004D8000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000007.00000002.1893452688.00000000004DC000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000007.00000002.1893481133.00000000004DD000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4d0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fseek$??4?$basic_string@D@2@@std@@D@std@@U?$char_traits@V01@V?$allocator@ftell
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3906491186-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
• Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __doserrno$_errno$File$CloseCreateErrorHandleLastType
                                                                                                                                                                                                                • String ID: H
                                                                                                                                                                                                                • API String ID: 3590436335-2852464175
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_amsg_exit_cexit_ismbbleadexit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1338188474-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetHandleInformation.KERNEL32(?,?), ref: 10016949
                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 1001695B
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 10016967
                                                                                                                                                                                                                • GetExitCodeThread.KERNEL32(?,?), ref: 10016976
                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,00000000), ref: 1001698B
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 10016995
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 100169A2
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 100169AF
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 100169EC
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10016A0C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10016A1D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10016A2E
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10016A3C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10016A4A
Memory Dump Source
• Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??1?$basic_string@G@2@@std@@G@std@@HandleU?$char_traits@V?$allocator@$Close$Thread$CodeEventExitInformationObjectSingleTerminateWait
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2723236727-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(0040D174,00000000,00000001,000000FF,?,00404F33,00000001,-00000010,00000000,00000000,00000000,00000000,00408910,000000FF,?,0040542D), ref: 00404AD2
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,00404F33,00000001,-00000010,00000000,00000000,00000000,00000000,00408910,000000FF,?,0040542D,00000000,00000001,00000001,004028B2), ref: 00404ADF
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Type,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404AFE
                                                                                                                                                                                                                  • Part of subcall function 00406150: ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP71(?,-0000000C,?,00000000,00404CB0,0040D174), ref: 00406195
                                                                                                                                                                                                                  • Part of subcall function 00406150: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?,?,00000000,00404CB0,0040D174), ref: 004061C2
                                                                                                                                                                                                                  • Part of subcall function 00406150: ??3@YAXPAX@Z.MSVCR71 ref: 004061EC
                                                                                                                                                                                                                  • Part of subcall function 00406150: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00406210
                                                                                                                                                                                                                • ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP71(?,Registry), ref: 00404B3B
                                                                                                                                                                                                                • ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP71(?,File), ref: 00404B59
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(0040D174,7C3D2D65,00000003), ref: 0040422A
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 0040423D
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 0040424D
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 0040425A
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00404267
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00404274
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Type), ref: 0040428F
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP71(?,Registry), ref: 004042C9
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyParent), ref: 004042EE
                                                                                                                                                                                                                  • Part of subcall function 00404200: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(KeyName), ref: 00404330
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00404BC8
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00404BD5
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??0?$basic_string@$G@1@@std@@V?$basic_string@$??$?8??1?$basic_string@G@2@@0@$??$???3@??4?$basic_string@G@2@@0@0@V01@V01@@
                                                                                                                                                                                                                • String ID: File$Registry$ShellLink$Type
                                                                                                                                                                                                                • API String ID: 2243324655-1643845889
                                                                                                                                                                                                                • Opcode ID: 4c66b18ecf688f3a29788a6d2e43e62ad2183db8cdf2af6522cb8a057fedb4ae
                                                                                                                                                                                                                • Instruction ID: 55b217286641641cff775f9e88cefdfa5d801beda5f6e364de605b7be72638fd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c66b18ecf688f3a29788a6d2e43e62ad2183db8cdf2af6522cb8a057fedb4ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD4195B1C00208ABCF00DFA5DD41AEEBBB8EF85714F14416EE90577281D7785B09CBAA
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,00000000,00000000,00000004), ref: 10012A16
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A46
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A58
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A6A
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012A7F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.ConfigFiles.AutoUpdateConfigFilePath), ref: 10012AAA
                                                                                                                                                                                                                • ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG ref: 10012AB4
                                                                                                                                                                                                                • ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 10012ABC
                                                                                                                                                                                                                • ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z.MGCONFIG(?), ref: 10012ACC
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000), ref: 10012AD9
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012AE6
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(00000000,00000000,00000004), ref: 1001260C
                                                                                                                                                                                                                  • Part of subcall function 100125E0: _IsFileExist@4.MGCOMMON(00000000), ref: 10012613
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Automatic update File not exists!), ref: 1001262A
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10012633
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10012647
                                                                                                                                                                                                                  • Part of subcall function 100125E0: _CxxThrowException.MSVCR71(?,1002A55C), ref: 10012659
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CXmlDocument@@QAE@XZ.MGXML_WRAPPER(?,1002A55C), ref: 10012661
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?initFromFile@CXmlDocument@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(00000004), ref: 10012677
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?getDocumentRoot@CXmlDocument@@QAE?AVCXmlNode@@XZ.MGXML_WRAPPER(?), ref: 1001268B
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?isNull@CXmlNode@@QAE_NXZ.MGXML_WRAPPER ref: 10012694
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(AutoUpdate analysis error. Could not obtain the AutoUpdate child.), ref: 100126AB
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100126B4
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 100126C5
                                                                                                                                                                                                                  • Part of subcall function 100125E0: _CxxThrowException.MSVCR71(?,100298A8), ref: 100126D7
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?getNodeName@CXmlNode@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGXML_WRAPPER(?), ref: 100126F0
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(00000000,10038464), ref: 10012702
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012716
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(AutoUpdate analysis error. The AutoUpdate does not exists.), ref: 1001272D
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10012736
                                                                                                                                                                                                                  • Part of subcall function 100125E0: ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10012747
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Main.ConfigFiles.AutoUpdateConfigFilePath, xrefs: 10012A8D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??0?$basic_string@$V?$basic_string@$Exception@@$?get$FormatG@2@@std@@@Message$ConfigDocument@@Node@@V0@@$??1?$basic_string@Config@@ExceptionManager@@StringThrow$??4?$basic_string@?c_str@?$basic_string@?initCmpi@@Config@DefaultDocumentExist@4FileFile@FromG@2@@std@@0@Manager@Name@NodeNull@PropertyRoot@V01@V01@@V23@@
                                                                                                                                                                                                                • String ID: Main.ConfigFiles.AutoUpdateConfigFilePath
                                                                                                                                                                                                                • API String ID: 2173420003-3692971376
                                                                                                                                                                                                                • Opcode ID: 8404aec9da6f54be889763d612ec4f8c18601dda3b867efa9723f9ac71c68f90
                                                                                                                                                                                                                • Instruction ID: ba14ddfae378c9713296e42f00aa695484c55a70bba581e964768affbabcec27
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8404aec9da6f54be889763d612ec4f8c18601dda3b867efa9723f9ac71c68f90
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82313A708047A4DFE710DFA9CD88B9AFBF8FF58204F50454EE19A93690DB746605CB61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(?,?,?,?,?,00000007,?,?,?,?,?,?,?,?,?,00000007), ref: 1000780E
                                                                                                                                                                                                                • InternetCrackUrlW.WININET(00000000,?,00000000,?), ref: 1000781C
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,?,?,?,?,?,00000007), ref: 10007831
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(?,?,?,?,?,?,00000007), ref: 1000783E
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 1000785B
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007864
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 1000786D
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007876
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 1000787F
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007888
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$??4?$basic_string@V01@$?c_str@?$basic_string@CrackInternet
                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                • API String ID: 490602638-4251816714
                                                                                                                                                                                                                • Opcode ID: a21622a390815f8fa95896f3422368ca3bcdc41f904f9eb9b441b16ac1ce6712
                                                                                                                                                                                                                • Instruction ID: 0eb40c7ba6e51e1155f3fd0a0d5f5f98856c1591cb08dcc142d302eefe4562e9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a21622a390815f8fa95896f3422368ca3bcdc41f904f9eb9b441b16ac1ce6712
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E412FB6D006189BCB10DF99D845AAEFBF9FF89610F10411AF905A7300D775E951CFA1
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 100105F0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,10016BEF,?,00000000), ref: 10010607
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000,?,00000000,00000000,00000004), ref: 10016BF7
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016C03
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG(?), ref: 10010346
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 10010350
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getInstallDirectory@CConfig@@QAE?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGCONFIG ref: 10010354
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG ref: 1001036A
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 1001036E
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?getDataDirectory@CConfig@@QAE?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ.MGCONFIG ref: 10010372
                                                                                                                                                                                                                  • Part of subcall function 10010310: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10010388
                                                                                                                                                                                                                  • Part of subcall function 10010310: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71($install_dir), ref: 1001039F
                                                                                                                                                                                                                  • Part of subcall function 10010310: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71($data_dir), ref: 100103B6
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP71(?,00000000), ref: 100103CF
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z.MSVCP71(00000000,?,?), ref: 100103F2
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP71(?,00000000), ref: 10010403
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP71(?,00000000), ref: 1001041E
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z.MSVCP71(00000000,?,?), ref: 1001043F
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP71(?,00000000), ref: 10010450
                                                                                                                                                                                                                  • Part of subcall function 10010310: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP71(100283B4,00000000), ref: 1001046B
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 10016C5B
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016C67
                                                                                                                                                                                                                  • Part of subcall function 10010590: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?), ref: 100105A4
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4), ref: 10016C84
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016C90
                                                                                                                                                                                                                  • Part of subcall function 100105C0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?), ref: 100105D4
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4), ref: 10016CAD
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016CB9
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016CDC
                                                                                                                                                                                                                • _IsDirExist@4.MGCOMMON(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016CE3
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4,000000FF), ref: 10016CEF
                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001D2F4), ref: 10016CF7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$V01@@$??0?$basic_string@?getConfigV12@$?find@?$basic_string@$??1?$basic_string@??4?$basic_string@Config@@Manager@@V01@$?c_str@?$basic_string@?replace@?$basic_string@Config@DefaultDirectory@Manager@V12@@V?$basic_string@$CreateDataDirectoryExist@4Install
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1306238854-0
                                                                                                                                                                                                                • Opcode ID: f5c933c4ce7a388f10edfbf36ef989edc123a60806d880e2d3ab53c0ce0b9c38
                                                                                                                                                                                                                • Instruction ID: bb0bb8c3e1140962ca808ed11a23059cb00221ec746b6ea2d9b517be1cf844e9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5c933c4ce7a388f10edfbf36ef989edc123a60806d880e2d3ab53c0ce0b9c38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A418875A01748EFDB04DFA4C994AAEBBB9FB48300F10495DF48A93390DB74AA09CB50
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000104), ref: 1001798C
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000), ref: 10017993
                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 100179A4
                                                                                                                                                                                                                • ??0CErrException@@QAE@XZ.MGCOMMON ref: 100179D7
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 100179E9
                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(00000000,?,00000000,00000000), ref: 100179FB
                                                                                                                                                                                                                • ??0CErrException@@QAE@XZ.MGCOMMON(00000000,?,00000000,00000000), ref: 10017A07
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017A16
                                                                                                                                                                                                                • VerQueryValueW.VERSION(00000000,100274DC,?,?,00000000,?,00000000,00000000), ref: 10017A29
                                                                                                                                                                                                                • ??0CErrException@@QAE@XZ.MGCOMMON(00000000,100274DC,?,?,00000000,?,00000000,00000000), ref: 10017A35
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017A44
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10017A85
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionException@@FileThrow$InfoModuleVersion$HandleNameQuerySizeValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4155957286-0
                                                                                                                                                                                                                • Opcode ID: 59c2f6fd97f2d17152a11ae7db4d3ecf7be101aaadcef7f19e205c615a52de24
                                                                                                                                                                                                                • Instruction ID: 07ce6c2351d97802ad466a3a5781cfd83411cff5256376520ddbeb753fb392f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59c2f6fd97f2d17152a11ae7db4d3ecf7be101aaadcef7f19e205c615a52de24
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B31A575D00619ABCB04DFA4CC45AEFB7B8FF4C600F504569E6099B201FB35EA85CBA1
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0081E0E4), ref: 0081DF58
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DF76
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DF94
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DFB3
                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(00822F8C,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0081CEDD), ref: 0081E03F
                                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 0081E0AC
                                                                                                                                                                                                                • FreeSid.ADVAPI32(0081CEDD), ref: 0081E0B5
                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00822F8C,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0081CEDD), ref: 0081E0BE
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0081E0E4), ref: 0081E0C4
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Free$AddressProc$LibraryLocal$AllocateInitializeLoad
                                                                                                                                                                                                                • String ID: 41#4%<fg{199
                                                                                                                                                                                                                • API String ID: 3102391969-2975153987
                                                                                                                                                                                                                • Opcode ID: 7d59d9b90c15a1b669479cff1fcad62555de7d91f9c1347da1cb623cf477ceea
                                                                                                                                                                                                                • Instruction ID: 68ee285dd25fb112fb333895baa5a7876145c7fc4eda8f75b2a2b4e631c614a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d59d9b90c15a1b669479cff1fcad62555de7d91f9c1347da1cb623cf477ceea
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E851EE71A40609AAEB50EBA8CC46FEFB7BCFF08714F544525FA00E7281EB7499418B65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\SweetIM\Messenger\Adapters,00000000,00020019,00000000,?,00000000,00000000), ref: 00491F8C
                                                                                                                                                                                                                  • Part of subcall function 00491A80: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,00000000,00000000,00491FC0,Version,?,00000000,?,00000000,00000000), ref: 00491AAD
                                                                                                                                                                                                                • RegEnumKeyExW.KERNELBASE(00000000,000000FF,?,00000000,00000000,00000000,00000000,00000000,Version,?,00000000,?,00000000,00000000), ref: 00491FFA
                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00020019,00491990,?,00000000,00000000), ref: 00492026
                                                                                                                                                                                                                • wcscpy.MSVCR71 ref: 004920A2
                                                                                                                                                                                                                • wcscpy.MSVCR71 ref: 004920AF
                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,00000000,00000000), ref: 004920F6
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00491990,?,?,?,00000000,00000000), ref: 00492106
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,Version,?,00000000,?,00000000,00000000), ref: 0049212F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$Openwcscpy$EnumQueryValue
                                                                                                                                                                                                                • String ID: SOFTWARE\SweetIM\Messenger\Adapters$Version
                                                                                                                                                                                                                • API String ID: 4170070848-2368675537
                                                                                                                                                                                                                • Opcode ID: 0cbfeb033533018893ac5f1479a19da8515dcfd3ede9c902c88126a5f07a249e
                                                                                                                                                                                                                • Instruction ID: fc62425b275877d475b14c1eae6036de4c62b6f02b002c7c4f34e15ab587f0ca
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cbfeb033533018893ac5f1479a19da8515dcfd3ede9c902c88126a5f07a249e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71517072D00219ABDF11CF94CC85BEEBBB9FB98300F10447AE605B3241D7786A45CBA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,localhost), ref: 007B6F8C
                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,127.0.0.1), ref: 007B6F98
                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007B6FA9
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: lstrcmpi$ConnectRegistry
                                                                                                                                                                                                                • String ID: 127.0.0.1$localhost
                                                                                                                                                                                                                • API String ID: 3700483673-2339935011
                                                                                                                                                                                                                • Opcode ID: 7a31c3fc650cd2d985baab7f4c147dac6c3e8b711cec5b12393d6ec90eeb2442
                                                                                                                                                                                                                • Instruction ID: 9b771e71fb46ff9d8a493f9fe45da2b08b51e94aef141e4121872d90f3497f14
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a31c3fc650cd2d985baab7f4c147dac6c3e8b711cec5b12393d6ec90eeb2442
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0521D632609315ABC325CB29DC44F6BB7ECEB88B65F158A1FF544E3280D769EC40C6A4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71 ref: 1001835F
                                                                                                                                                                                                                • ?DestroyIpcQueue@CIPC@@SGHPBD@Z.MGHOOKING(00000000), ref: 10018366
                                                                                                                                                                                                                • ??0CAutoLock@@QAE@ABVCLockable@@@Z.MGCOMMON(?), ref: 1001838B
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 100183AD
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 100183E6
                                                                                                                                                                                                                • ??1CAutoLock@@QAE@XZ.MGCOMMON(?,?,?,?,?,?,?,1001D57F,000000FF), ref: 1001840F
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 10018445
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 1001845B
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 10018473
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??3@$AutoLock@@$?c_str@?$basic_string@CloseD@2@@std@@D@std@@DestroyHandleLockable@@@Queue@U?$char_traits@V?$allocator@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 619612619-0
                                                                                                                                                                                                                • Opcode ID: 3ed660e164e1e7e257531726dac411e7ccd3b127acdd363c16969633f5836939
                                                                                                                                                                                                                • Instruction ID: ee0f1fff2604525acecceebcd1f80474c5da34012e8c465fa0da749e95eb03c1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ed660e164e1e7e257531726dac411e7ccd3b127acdd363c16969633f5836939
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C5149B5A00741DFC710CFA8C9C1A5AF7F5FF08600B60896EE55A9BA41D730FA85CBA1
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(00000104,Run,00000000,00020019,?), ref: 004072FC
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00407311
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(00000000,MOD,00000000,00020019,?,0040D174,?,004059FD,?,?,?,?,00000104,00408C28,000000FF,00407B87), ref: 00407358
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,004059FD,?,?,?,?,00000104,00408C28,000000FF,00407B87,00000104,?), ref: 00407369
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004073BB
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004073CE
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Close$Open
                                                                                                                                                                                                                • String ID: MOD$Run
                                                                                                                                                                                                                • API String ID: 2976201327-1407684268
                                                                                                                                                                                                                • Opcode ID: a7a7ae38332bbc94ece10f71fb2ec82e7bcc7eab43c145b8d4e23c9cf14685f2
                                                                                                                                                                                                                • Instruction ID: d8ebc45ffe6d883bf91305716d9902575837cf9b9c5dca007cd2cbfb08c15c55
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7a7ae38332bbc94ece10f71fb2ec82e7bcc7eab43c145b8d4e23c9cf14685f2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85413AB09183519FC210DF54C884A5FBBE8FB88B14F000E2EF595A3281D7B9E948CBD6
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00001000,?,?,?,?,?,00493260,000000FF,?,00491898,?), ref: 004914FE
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,?,?,?,?,00493260,000000FF,?,00491898,?), ref: 00491505
                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,?,00001000), ref: 0049151E
                                                                                                                                                                                                                • wcscpy.MSVCR71 ref: 00491532
                                                                                                                                                                                                                • PathStripPathW.SHLWAPI(?), ref: 00491542
                                                                                                                                                                                                                • _wcsicmp.MSVCR71 ref: 00491554
                                                                                                                                                                                                                  • Part of subcall function 004912D0: LoadLibraryW.KERNEL32(version.dll,?,?,?,?,?), ref: 004912D9
                                                                                                                                                                                                                  • Part of subcall function 004912D0: GetProcAddress.KERNEL32(00000000,VerQueryValueW), ref: 004912F6
                                                                                                                                                                                                                  • Part of subcall function 004912D0: GetProcAddress.KERNEL32(00000000,GetFileVersionInfoW), ref: 00491302
                                                                                                                                                                                                                  • Part of subcall function 004912D0: GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeW), ref: 0049130E
                                                                                                                                                                                                                  • Part of subcall function 004912D0: ??2@YAPAXI@Z.MSVCR71 ref: 00491329
                                                                                                                                                                                                                  • Part of subcall function 004912D0: FreeLibrary.KERNEL32(00000000,?,?,?,?,?), ref: 004913AA
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressPathProc$LibraryModuleName$??2@FileFreeHandleLoadLongStrip_wcsicmpwcscpy
                                                                                                                                                                                                                • String ID: YahooMessenger.exe
                                                                                                                                                                                                                • API String ID: 2511602858-3679893240
                                                                                                                                                                                                                • Opcode ID: ec4912cc0f9d941007627a7a2f664ce9d7b99ede2d888754c0747514a464bd88
                                                                                                                                                                                                                • Instruction ID: 0562474e3836edfb9428b0bba6907d84df803a4fecbd84a26679c5f0df8d44fd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec4912cc0f9d941007627a7a2f664ce9d7b99ede2d888754c0747514a464bd88
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB31B272D00219ABDF10CB98CC49EEEB7B8EB4C711F0041BBE609E2150D7755A48CBE5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ObtainUserAgentString.URLMON(00000000,00000000,?), ref: 10007A45
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007A56
                                                                                                                                                                                                                • ObtainUserAgentString.URLMON(00000000,00000000,?), ref: 10007A6F
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000004,?,1000874B,?), ref: 10007A81
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,?,?,1000874B,?), ref: 10007AA7
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(00000000,?,?,?,1000874B,?), ref: 10007AB5
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007AC7
                                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCR71 ref: 10007AD4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AgentByteCharMultiObtainStringUserWide$??4?$basic_string@G@2@@std@@G@std@@U?$char_traits@V01@V?$allocator@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 983251311-0
                                                                                                                                                                                                                • Opcode ID: a0da22129a3ef16a77b54caba914ea35f8b08bba8919fec88cc6f8014360c394
                                                                                                                                                                                                                • Instruction ID: 946ce798eca873834d174b4e99baa04dcac021bfb21973cb8b1fce34418b37c2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0da22129a3ef16a77b54caba914ea35f8b08bba8919fec88cc6f8014360c394
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A21D8B1E006057BE710DB548CC5FBFB6ACFB85694F100529F505A6241E778EE84C6F2
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CHTTPClient@@QAE@XZ.MGCOMMUNICATION ref: 004C39E1
                                                                                                                                                                                                                • ??2@YAPAXI@Z.MSVCR71 ref: 004C3A0F
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004C3A2E
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004C3A37
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004C3A40
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004C3A49
                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004C3A52
                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 004C3A65
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893316133.00000000004C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 004C0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893294302.00000000004C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893337601.00000000004C5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893360960.00000000004C9000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4c0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Create$Event$??2@Client@@Thread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 130443547-0
                                                                                                                                                                                                                • Opcode ID: 9b56e89e2b4bde070876fe4fd80d800524a14cc33d1843884e815536a807ce8b
                                                                                                                                                                                                                • Instruction ID: aa563ebb09b3ecc51fc528ba661bfbb04081955ad99a32123546968b035a56ed
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b56e89e2b4bde070876fe4fd80d800524a14cc33d1843884e815536a807ce8b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D921D1F5900754AFD3609F6A8DC5E27FAECFB48754B50492EF18AC2A10D779AC008F65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC14
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC1A
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC20
                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC26
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00100000,00000000,00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC41
                                                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0082394C,00000000,00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC54
                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(0082394C,00000000,00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CC69
                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0082394C,0081CCDC,0082394C,00000000,00000000,00000000,?,00000000,00000000,00000002,00000000,0081CEDD), ref: 0081CCCF
                                                                                                                                                                                                                  • Part of subcall function 0081DF18: LoadLibraryA.KERNEL32(00000000,00000000,0081E0E4), ref: 0081DF58
                                                                                                                                                                                                                  • Part of subcall function 0081DF18: GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DF76
                                                                                                                                                                                                                  • Part of subcall function 0081DF18: GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DF94
                                                                                                                                                                                                                  • Part of subcall function 0081DF18: GetProcAddress.KERNEL32(00000000,00000000), ref: 0081DFB3
                                                                                                                                                                                                                  • Part of subcall function 0081DF18: AllocateAndInitializeSid.ADVAPI32(00822F8C,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0081CEDD), ref: 0081E03F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressCriticalCurrentProcProcessSection$HandleInitialize$AllocateCloseDuplicateEnterLeaveLibraryLoad
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 10019080: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,100132D1,?,00000000,?,00000000,00000000,1001CD75,000000FF,?,100139A2), ref: 1001909C
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71 ref: 100132E3
                                                                                                                                                                                                                • ??0CSerialize@@QAE@H@Z.MGCOMMON ref: 100132F7
                                                                                                                                                                                                                  • Part of subcall function 100190C0: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(?,?,10013310,00000000), ref: 100190CA
                                                                                                                                                                                                                  • Part of subcall function 100190C0: ??6CSerialize@@QAEAAV0@H@Z.MGCOMMON(?,00000000,?,10013310,00000000), ref: 100190D9
                                                                                                                                                                                                                  • Part of subcall function 100190C0: ??6CSerialize@@QAEAAV0@PAG@Z.MGCOMMON(?,10013310,00000000), ref: 100190E1
                                                                                                                                                                                                                  • Part of subcall function 100190C0: ??6CSerialize@@QAEAAV0@H@Z.MGCOMMON(?,10013310,00000000), ref: 100190E9
                                                                                                                                                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 1001332C
                                                                                                                                                                                                                • ?SendIpcMessage@CIPC@@SGHPBDPAXK1KKH@Z.MGHOOKING(00000000,1001CD75,?,?,0000141C,0000EA60,00000001), ref: 10013348
                                                                                                                                                                                                                • ??0CSerialize@@QAE@PAEI@Z.MGCOMMON(?,?), ref: 10013370
                                                                                                                                                                                                                • ??1CSerialize@@QAE@XZ.MGCOMMON(?), ref: 100133AE
                                                                                                                                                                                                                • ??1CSerialize@@QAE@XZ.MGCOMMON ref: 100133BB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Serialize@@$U?$char_traits@V?$allocator@$G@2@@std@@G@std@@$?c_str@?$basic_string@$??0?$basic_string@??4?$basic_string@D@2@@std@@D@std@@Message@SendV01@V01@@
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000003), ref: 7C3841F3
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C3841FD
                                                                                                                                                                                                                • _errno.MSVCR71(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C38420A
                                                                                                                                                                                                                • __doserrno.MSVCR71(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C384215
                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,7C3A1F20,00000014), ref: 7C3842C6
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C3842D0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastRead$__doserrno_errno
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,00000000), ref: 004D44B5
                                                                                                                                                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71 ref: 004D44CD
                                                                                                                                                                                                                • fopen.MSVCR71 ref: 004D44E7
                                                                                                                                                                                                                • fclose.MSVCR71 ref: 004D4507
                                                                                                                                                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 004D451C
                                                                                                                                                                                                                  • Part of subcall function 004D5670: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(00000000,00000000,004D4545,00000002,00000000,00000000,00000000,?), ref: 004D5690
                                                                                                                                                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 004D4551
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893401256.00000000004D1000.00000020.00000001.01000000.00000016.sdmp, Offset: 004D0000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4d0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@??4?$basic_string@V01@$??0?$basic_string@V01@@fclosefopen
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(0040D174,00000000,00000000,?,?,00000000,004086D9,000000FF,?,00404E15,00408910,00000000), ref: 00404094
                                                                                                                                                                                                                • ??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z.MSVCP71(00000000,?,?,00000000,004086D9,000000FF,?,00404E15,00408910), ref: 004040A9
                                                                                                                                                                                                                • ?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000001,?,?,00000000,004086D9,000000FF,?,00404E15,00408910), ref: 004040BA
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71(?,?,?,?,00000000,004086D9,000000FF,?,00404E15,00408910), ref: 004040D4
                                                                                                                                                                                                                • _IsFileExist@4.MGCOMMON(00000000,?,?,?,?,00000000,004086D9,000000FF,?,00404E15,00408910), ref: 004040DB
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,00000000,004086D9,000000FF,?,00404E15,00408910), ref: 00404119
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@?c_str@?$basic_string@?erase@?$basic_string@A?$basic_string@Exist@4FileV12@
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _get_osfhandle.MSVCR71(?,00000000,?,7C3742F1,?,7C3A0C58,0000000C,7C371F51,?,?,?,?,00000001,7C36A2CA,7C3AB638), ref: 7C374224
                                                                                                                                                                                                                • _get_osfhandle.MSVCR71(00000002,00000000,?,7C3742F1,?,7C3A0C58,0000000C,7C371F51,?,?,?,?,00000001,7C36A2CA,7C3AB638), ref: 7C37423B
                                                                                                                                                                                                                • _get_osfhandle.MSVCR71(00000001,00000002,00000000,?,7C3742F1,?,7C3A0C58,0000000C,7C371F51,?,?,?,?,00000001,7C36A2CA,7C3AB638), ref: 7C374244
                                                                                                                                                                                                                • _get_osfhandle.MSVCR71(?,00000000,?,7C3742F1,?,7C3A0C58,0000000C,7C371F51,?,?,?,?,00000001,7C36A2CA,7C3AB638), ref: 7C374250
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,7C3742F1,?,7C3A0C58,0000000C,7C371F51,?,?,?,?,00000001,7C36A2CA,7C3AB638), ref: 7C374257
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001,7C36A2CA,7C3AB638,?,?,?,?,?,?,7C39F1B0,00000010), ref: 7C374261
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_osfhandle$ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 17880858-0
                                                                                                                                                                                                                • Opcode ID: ab82c8a3c0854eab5f01a27a904e73376ee0a1a0beb1a4b33d44b47ccc6899a2
                                                                                                                                                                                                                • Instruction ID: beca39e0c25ed377f221001f3563660ad4cec8963341c804d13a3ded591bfeff
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab82c8a3c0854eab5f01a27a904e73376ee0a1a0beb1a4b33d44b47ccc6899a2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3012B3360621015F7125A3968C8BEE27685FC23E5B31061DE4A6D76C0DE1EF4668D63
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 007BC166
                                                                                                                                                                                                                • ?GetCSIDLFromString@@YGHPBGPAH@Z.MGCOMMON ref: 007BC184
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CSIDL_PROGRAM_FILES), ref: 007BBFB5
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 007BBFDC
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CSIDL_COMMON_STARTMENU), ref: 007BBFEB
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BC012
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CSIDL_APPDATA), ref: 007BC021
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BC048
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(CSIDL_LOCAL_APPDATA), ref: 007BC057
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BC07E
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 007BC08D
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP71(?,?,?), ref: 007BC0B9
                                                                                                                                                                                                                  • Part of subcall function 007BBF60: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BC0E2
                                                                                                                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 007BC19D
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP71(007D746C), ref: 007BC1B7
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 007BC1CC
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 007BC1E6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??0?$basic_string@$??1?$basic_string@$??$???4?$basic_string@FolderFromG@1@@std@@G@2@@0@0@PathString@@V01@V01@@V?$basic_string@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 780196800-0
                                                                                                                                                                                                                • Opcode ID: 939aed4b488518b2a1bc0fca978b0e5ff3729247c9a8da6ca75d8ae38ebc54ae
                                                                                                                                                                                                                • Instruction ID: e2b21f819c7b7570ca21335fb6ace0c3cde21a832c7c26dbcec0a0feeea7f73a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 939aed4b488518b2a1bc0fca978b0e5ff3729247c9a8da6ca75d8ae38ebc54ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08110D71109385AFD324DB54DD48BAAB7B4FB84B15F00C91EF58996290E77CA504CB52
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                • String ID: +)
                                                                                                                                                                                                                • API String ID: 613200358-3505648025
                                                                                                                                                                                                                • Opcode ID: 15371336ed0bd8bcabb954ac31869fc3e593e4ae6054e2735946d8bde57e428f
                                                                                                                                                                                                                • Instruction ID: 6fb7177d9e9ff2ae74989f38ae9cfc1efb7f46c3fed95d923ebf0c6aa249cca8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15371336ed0bd8bcabb954ac31869fc3e593e4ae6054e2735946d8bde57e428f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B512EB6900604ABCB10DF59D9819DFB7B9FF48704F54852EF91AB7280D738BA04CBA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0080DDF1,?,00000000,?,0000000F), ref: 0080DD1A
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,?), ref: 0080DDCF
                                                                                                                                                                                                                  • Part of subcall function 0080D8DC: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,0080DAC6,?,?,?,0000000F), ref: 0080D954
                                                                                                                                                                                                                  • Part of subcall function 0080D8DC: GetProcAddress.KERNEL32(00000000,00000000), ref: 0080D95A
                                                                                                                                                                                                                  • Part of subcall function 0080D8DC: AllocateAndInitializeSid.ADVAPI32(00822BB0,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0000000F,00000000,00000000,0080DAC6,?,?), ref: 0080D984
                                                                                                                                                                                                                  • Part of subcall function 0080D8DC: AllocateAndInitializeSid.ADVAPI32(00822BB8,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00822BB0,00000001,00000000,00000000,00000000), ref: 0080D9AC
                                                                                                                                                                                                                  • Part of subcall function 0080D8DC: GetCurrentProcess.KERNEL32(00822BB8,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00822BB0,00000001,00000000,00000000,00000000), ref: 0080D9B9
                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(000000FF,?,00000004,00000000,?,?,00000000,0080DDF1,?,00000000,?,0000000F), ref: 0080DD7C
                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(000000FF,?,00000004,00000000,?,00000000,000000FF,?,00000004,00000000,?,?,00000000,0080DDF1,?,00000000), ref: 0080DDAD
                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,000000FF,?,00000004,00000000,?,?,00000000,0080DDF1,?,00000000,?,0000000F), ref: 0080DDBE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateFileMapping$AllocateInitialize$AddressCurrentFreeHandleLocalModuleProcProcessVersion
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1121073306-0
                                                                                                                                                                                                                • Opcode ID: 8137d9960b0a8a45dbb611a2ab9fe47ede5cf38ab8448d74c90034d4ebd8a824
                                                                                                                                                                                                                • Instruction ID: dffa95294c2d16c18ad7f4b5708b9f523eaf898a81334db9432f59e1a58abfaa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8137d9960b0a8a45dbb611a2ab9fe47ede5cf38ab8448d74c90034d4ebd8a824
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E312271A00619AFDB90EBE8DC41FDE77B8FB49720F504525F920E72C1E77199048BA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00001000,?,?,00000000,?,?,00493240,000000FF,?,0049180D,?,?), ref: 0049111E
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,?,00000000,?,?,00493240,000000FF,?,0049180D,?,?), ref: 00491125
                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,?,00001000), ref: 0049113E
                                                                                                                                                                                                                • PathStripPathW.SHLWAPI(?,?,?,00000000,?,?,00493240,000000FF,?,0049180D,?,?), ref: 0049114B
                                                                                                                                                                                                                • wcslen.MSVCR71 ref: 00491158
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$ModuleName$FileHandleLongStripwcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3296686682-0
                                                                                                                                                                                                                • Opcode ID: aa0db3a0a2961c4e81d7a69ab77020bd940626c0746ffc8b0409fb89afaebe3a
                                                                                                                                                                                                                • Instruction ID: 5502dd556a8199f6444913cc37d8a43662f868245f9035b4b0b900f77fe65433
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa0db3a0a2961c4e81d7a69ab77020bd940626c0746ffc8b0409fb89afaebe3a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD21B372900219EBDB20CF95DC45EDABBB8EB98750F00417AF60993260D7746A89CBA5
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(HKEY_CLASSES_ROOT,?,00000000), ref: 007BA092
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 007BA0B9
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(HKEY_CURRENT_USER), ref: 007BA0C8
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BA0EF
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(HKEY_LOCAL_MACHINE), ref: 007BA0FE
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BA125
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(HKEY_USERS), ref: 007BA134
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BA15B
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(HKEY_CURRENT_CONFIG), ref: 007BA16A
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?), ref: 007BA191
                                                                                                                                                                                                                  • Part of subcall function 007BA040: ??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP71(?,-0000000C,?), ref: 007BA1B6
                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32 ref: 007BA284
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,00000000,?,00000000,00020019,?), ref: 007BA2A9
                                                                                                                                                                                                                • ?GetStringValue@@YAHAAVCRegKey@ATL@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV34@@Z.MGCOMMON(?,?,?,00000000,?,00000000,00020019,?), ref: 007BA2B4
                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?), ref: 007BA2C3
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,007D4CE1,000000FF), ref: 007BA2D5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??0?$basic_string@??1?$basic_string@$V?$basic_string@$??$?CloseG@1@@std@@G@2@@0@0@Key@OpenStringV01@@V34@@Value@@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4131902397-0
                                                                                                                                                                                                                • Opcode ID: beafec4837d093860bdd8ce5fa9b4c9bcd66784eac6f2ea8f50a594e68a9ebeb
                                                                                                                                                                                                                • Instruction ID: 15c1ab9f260d5fbe6ae4fcf6107632307558712c613dddabeae0be8f2ef2e2d5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: beafec4837d093860bdd8ce5fa9b4c9bcd66784eac6f2ea8f50a594e68a9ebeb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB216FB1508340AFC304EF58C885B5BBBF4BB88718F144A1DF44992391E779E945CB93
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CErrException@@QAE@XZ.MGCOMMON ref: 10018E11
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10018E23
                                                                                                                                                                                                                • ?GetProcessVersion@CUpdateManager@@AAEXXZ.MGUPDATESUPPORT ref: 10018E38
                                                                                                                                                                                                                  • Part of subcall function 10017950: GetModuleHandleW.KERNEL32(00000000,?,00000104), ref: 1001798C
                                                                                                                                                                                                                  • Part of subcall function 10017950: GetModuleFileNameW.KERNEL32(00000000), ref: 10017993
                                                                                                                                                                                                                  • Part of subcall function 10017950: GetFileVersionInfoSizeW.VERSION(?,?), ref: 100179A4
                                                                                                                                                                                                                  • Part of subcall function 10017950: ??0CErrException@@QAE@XZ.MGCOMMON ref: 100179D7
                                                                                                                                                                                                                  • Part of subcall function 10017950: _CxxThrowException.MSVCR71(?,1002A55C), ref: 100179E9
                                                                                                                                                                                                                  • Part of subcall function 10017950: GetFileVersionInfoW.VERSION(00000000,?,00000000,00000000), ref: 100179FB
                                                                                                                                                                                                                  • Part of subcall function 10017950: ??0CErrException@@QAE@XZ.MGCOMMON(00000000,?,00000000,00000000), ref: 10017A07
                                                                                                                                                                                                                  • Part of subcall function 10017950: _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017A16
                                                                                                                                                                                                                  • Part of subcall function 10017950: VerQueryValueW.VERSION(00000000,100274DC,?,?,00000000,?,00000000,00000000), ref: 10017A29
                                                                                                                                                                                                                  • Part of subcall function 10017950: ??0CErrException@@QAE@XZ.MGCOMMON(00000000,100274DC,?,?,00000000,?,00000000,00000000), ref: 10017A35
                                                                                                                                                                                                                  • Part of subcall function 10017950: _CxxThrowException.MSVCR71(?,1002A55C), ref: 10017A44
                                                                                                                                                                                                                  • Part of subcall function 10017950: ??_V@YAXPAX@Z.MSVCR71 ref: 10017A85
                                                                                                                                                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(?), ref: 10018E4A
                                                                                                                                                                                                                • ?CreateIpcQueue@CIPC@@SGHPBDP6GX0PBXK1K@Z@Z.MGHOOKING(00000000), ref: 10018E51
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionException@@Throw$File$InfoModuleVersion$?c_str@?$basic_string@CreateD@2@@std@@D@std@@HandleManager@@NameProcessQueryQueue@SizeU?$char_traits@UpdateV?$allocator@ValueVersion@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1336437505-0
                                                                                                                                                                                                                • Opcode ID: 10c8f7494c5ce0e2feb62c9e1e5f334fa6c1b2bc1f779cc607e4ee6f8e6b9a85
                                                                                                                                                                                                                • Instruction ID: 61ad1860af9ae9633a01ffac7cd6628ec7c704f053cd913ee887095c7b2ff9b0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10c8f7494c5ce0e2feb62c9e1e5f334fa6c1b2bc1f779cc607e4ee6f8e6b9a85
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDF05E71E50268DFDB11DFA8DC4479DB7F4EB48601F20859BE10AD7650DB349B848B90
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • AdaptersProxyInitialize.MGADAPTERSPROXY ref: 00402ABC
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • -AutoStartIM, xrefs: 00402AA4
                                                                                                                                                                                                                • AdaptersProxyInitialize() - Failed, GetLastError() of SetWindowsHookEx() = %d, xrefs: 00402AED
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdaptersInitializeProxy
                                                                                                                                                                                                                • String ID: -AutoStartIM$AdaptersProxyInitialize() - Failed, GetLastError() of SetWindowsHookEx() = %d
                                                                                                                                                                                                                • API String ID: 1156828009-3424845215
                                                                                                                                                                                                                • Opcode ID: 764e5a2dcc12027edace63a78061153268f7ba7795b2600527ff552bd2ebb632
                                                                                                                                                                                                                • Instruction ID: a635ecefc97f4f0787df446defdbaf12bc68da4a27cc6cde385b7676d143fc41
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 764e5a2dcc12027edace63a78061153268f7ba7795b2600527ff552bd2ebb632
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA01DB327082041BD320CE6CE9046A7B3D8DBC4724F004A7BEC59D3690E6B6AD1887CA
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetWindowsHookExW.USER32(00000005,00491860,?,00000000), ref: 0049190C
                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0049191B
                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00491940
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • SetWindowsHookEx - Failed, GetLastError = %d, xrefs: 0049192F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorHookLastWindowswsprintf
                                                                                                                                                                                                                • String ID: SetWindowsHookEx - Failed, GetLastError = %d
                                                                                                                                                                                                                • API String ID: 3389577207-4265691123
                                                                                                                                                                                                                • Opcode ID: 69b999d261fd1a92cf6cbf85ef633f31b5d0d4cff768b1980a6b033b35d7a42c
                                                                                                                                                                                                                • Instruction ID: a057d638169343c9c3f288b16c9800cf09aa822eaad5a3055159b6b55a591f7f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69b999d261fd1a92cf6cbf85ef633f31b5d0d4cff768b1980a6b033b35d7a42c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82F08271200304AFD710DB69EC05F277BE8EBD4750F10853ABB158A2E0E7705525C79E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _lseek.MSVCR71(?,00000000,00000001,?,?), ref: 7C38C72B
                                                                                                                                                                                                                • _errno.MSVCR71(?,?), ref: 7C38C79D
                                                                                                                                                                                                                • _lseek.MSVCR71(00000001,00000000,00000002,?,?), ref: 7C38C7F7
                                                                                                                                                                                                                • _lseek.MSVCR71(00000001,00000080,00000000,?,?,?,?,?), ref: 7C38C829
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _lseek$_errno
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3764762582-0
                                                                                                                                                                                                                • Opcode ID: 9e4d2b254a56583694f2a5052af809b1d82a5bf7918e3e3cccbac1524d0bc75e
                                                                                                                                                                                                                • Instruction ID: ae989d02d8455c962e85c69de6ceb739e6164f37f692b3d680f032f02ddfee20
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e4d2b254a56583694f2a5052af809b1d82a5bf7918e3e3cccbac1524d0bc75e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5841A270A40709AFDB05CF69E980B98BBF4FF013D4F50826DE99A97681D330AA50CF91
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 10008260: ??0CAutoLock@@QAE@ABVCLockable@@@Z.MGCOMMON(?,00000000,00000000,00000004,00000000,00000000), ref: 10008291
                                                                                                                                                                                                                  • Part of subcall function 10008260: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100082B5
                                                                                                                                                                                                                  • Part of subcall function 10008260: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100082C1
                                                                                                                                                                                                                  • Part of subcall function 10008260: ??3@YAXPAX@Z.MSVCR71 ref: 100082C8
                                                                                                                                                                                                                  • Part of subcall function 10008260: memmove.MSVCR71 ref: 100082E1
                                                                                                                                                                                                                  • Part of subcall function 10008260: ??1CAutoLock@@QAE@XZ.MGCOMMON ref: 100082FC
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,00000000,00000000,00000004,?,?,?,?,?,?,?,?,00000000,1001D2C5,000000FF), ref: 10016AFC
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,00000000,1001D2C5,000000FF,?,10016FE5), ref: 10016B1F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,00000000,1001D2C5,000000FF,?,10016FE5), ref: 10016B2C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(00000000,00000007,00000007,00000000,?,?,?,?,?,?,?,?,?,00000000,1001D2C5,000000FF), ref: 10016B5B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$AutoLock@@$??3@Lockable@@@V01@@mallocmemmove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3762477474-0
                                                                                                                                                                                                                • Opcode ID: 64c80945b6c55ce87e5b9b922149fccd86ba8e8d78e3de74a0510b02389f49b8
                                                                                                                                                                                                                • Instruction ID: eaba3622c5505e7464329a3f941418a6080a92f1b2f9bf855cd25b862db2d623
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64c80945b6c55ce87e5b9b922149fccd86ba8e8d78e3de74a0510b02389f49b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531BF75905258DBDB10CB98CD85BDEBBB8FF08700F204159E802A7381CB74AE85CBA2
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000,00000000,?,0081BFBA,00000000,000000FF,0081C1F0), ref: 0080DE44
                                                                                                                                                                                                                • OpenFileMappingW.KERNEL32(00000004,00000000,?,00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000,00000000,?,0081BFBA), ref: 0080DE88
                                                                                                                                                                                                                • OpenFileMappingW.KERNEL32(00000004,00000000,00000000,00000004,00000000,?,00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000), ref: 0080DEB1
                                                                                                                                                                                                                • OpenFileMappingA.KERNEL32(00000004,00000000,?), ref: 0080DEBE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileMappingOpen$Version
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1612670014-0
                                                                                                                                                                                                                • Opcode ID: 4cc0e5d198d3ca8e71087f42287312e629ea95cb56b5a008b9b565d91e215e5b
                                                                                                                                                                                                                • Instruction ID: bb1deda32f8c614c2e4b40eb455e622d85d4f0560fc8710b79f0205e204436d8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4cc0e5d198d3ca8e71087f42287312e629ea95cb56b5a008b9b565d91e215e5b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B62196716007096FD751EAD8CC41BBF73B9FB58310F505454F900EB2C2DA74AD018A72
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?RearrangeSubkeyAndName@CRegistrySupp@@AAEXAAPBG0PAG@Z.MGCOMMON(?,?,?), ref: 007B7C01
                                                                                                                                                                                                                  • Part of subcall function 007B6E30: _FindLastBackslash@4.MGCOMMON ref: 007B6E62
                                                                                                                                                                                                                  • Part of subcall function 007B6E30: lstrcpyW.KERNEL32(?,00000000), ref: 007B6E75
                                                                                                                                                                                                                • ?CreateOrOpenKey@CRegistrySupp@@AAEHPBG0HPAPAUHKEY__@@@Z.MGCOMMON ref: 007B7C2D
                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32 ref: 007B7C75
                                                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 007B7C82
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: RegistrySupp@@$Backslash@4CloseCreateFindKey@LastName@OpenQueryRearrangeSubkeyValueY__@@@lstrcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3722663467-0
                                                                                                                                                                                                                • Opcode ID: b8d7fb4b01fc809d2e6ad27ac22f31f88260f7303bf08b24607bb0b9cb4aa918
                                                                                                                                                                                                                • Instruction ID: d111c2054621fd63070c35c45bdec709457495e2364716153df270874635304a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8d7fb4b01fc809d2e6ad27ac22f31f88260f7303bf08b24607bb0b9cb4aa918
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D213372109200AED329DF55D884FEBB7E8AFD4720F14891EE59997180E674A908C7B2
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,00000000,0081D641,?,?,00000000,00000000,00000000,00000000,?,0081D6FA,00000000,0081DB46), ref: 0081D5AD
                                                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000004,00000000), ref: 0081D5E1
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,?,?,00000000,0081D641,?,?,00000000,00000000,00000000), ref: 0081D5F4
                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,000F001F,00000000,00000000,00000000,?,?,?,?,00000000,0081D641,?,?,00000000,00000000), ref: 0081D608
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CloseCreateCurrentHandleMappingProcessView
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3100119383-0
                                                                                                                                                                                                                • Opcode ID: ba99e7a2a2ca92807d2335fef6404b29269b90482f254520d138419861641517
                                                                                                                                                                                                                • Instruction ID: 994aef2aa5f962aca41da54a657ebd645b5e3c5e9f623e51049ee2f2642955f0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba99e7a2a2ca92807d2335fef6404b29269b90482f254520d138419861641517
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B21A870600309BFFB20EBA8DC43FABB7BCFB44714F504524B204E66D2D6B46955DA66
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _errno.MSVCR71(7C3A1F68,0000000C), ref: 7C3843B5
                                                                                                                                                                                                                • __doserrno.MSVCR71(7C3A1F68,0000000C), ref: 7C3843C0
                                                                                                                                                                                                                  • Part of subcall function 7C384179: ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000003), ref: 7C3841F3
                                                                                                                                                                                                                  • Part of subcall function 7C384179: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C3841FD
                                                                                                                                                                                                                  • Part of subcall function 7C384179: _errno.MSVCR71(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C38420A
                                                                                                                                                                                                                  • Part of subcall function 7C384179: __doserrno.MSVCR71(?,?,?,?,?,?,?,?,?,7C3A1F20,00000014,7C3823CC,?,00000302,?), ref: 7C384215
                                                                                                                                                                                                                • _errno.MSVCR71(7C3A1F68,0000000C), ref: 7C3843E5
                                                                                                                                                                                                                • __doserrno.MSVCR71(7C3A1F68,0000000C), ref: 7C3843F0
                                                                                                                                                                                                                  • Part of subcall function 7C3746D7: _lock.MSVCR71(0000000A,7C3A0C88,00000008,7C3740C9,?,7C3A0C38,0000000C,7C369A22,?,?,00000001), ref: 7C374706
                                                                                                                                                                                                                  • Part of subcall function 7C3746D7: _local_unwind2.MSVCR71(?,000000FF,7C3A0C88,00000008,7C3740C9,?,7C3A0C38,0000000C,7C369A22,?,?,00000001), ref: 7C37472E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __doserrno_errno$ErrorFileLastRead_local_unwind2_lock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1011281286-0
                                                                                                                                                                                                                • Opcode ID: 60609bc6c197bcd2b46d7d217f9beaa98c87fd315a29ce301568015a8b96fb09
                                                                                                                                                                                                                • Instruction ID: 22a18035754ed2d806a8aff91acd7f1aad0ff63dca6f3032464829d567f540f8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60609bc6c197bcd2b46d7d217f9beaa98c87fd315a29ce301568015a8b96fb09
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D110471940245DFEB01CFA8CC50B9C3BB4AF01398F114648E9726B9D1C7BA892ACF72
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _get_osfhandle.MSVCR71(?,?,7C374406,?,?,?,7C3A0C68,0000000C,7C369A07,?,00000000,00000002), ref: 7C374341
                                                                                                                                                                                                                • _errno.MSVCR71(?,7C374406,?,?,?,7C3A0C68,0000000C,7C369A07,?,00000000,00000002), ref: 7C37434C
                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,?,00000000,?,?,?,7C374406,?,?,?,7C3A0C68,0000000C,7C369A07,?,00000000,00000002), ref: 7C374368
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,7C374406,?,?,?,7C3A0C68,0000000C,7C369A07,?,00000000,00000002), ref: 7C374375
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastPointer_errno_get_osfhandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4041642613-0
                                                                                                                                                                                                                • Opcode ID: 8f583592e29caf2eae9a4b26b58bc0b04bfbf2490d77a1c985dee1900b02a0cc
                                                                                                                                                                                                                • Instruction ID: c00f4e336965c5ff4b5ba158474134d273a8ec06fa1558c6d0d55d8bc0df2643
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f583592e29caf2eae9a4b26b58bc0b04bfbf2490d77a1c985dee1900b02a0cc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD01F4323041105BEA024F7DAC8468A377D9B823B4B210B49F5B2DB2E0DB35E8219E61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 008076D4: IsBadReadPtr.KERNEL32(00000000,00000002,00000000,0080771C,?,00000000,00000004,00000000,?,008079BA,00000000,00000004,00000000), ref: 008076F1
                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,?,00000000,00000004,00000000), ref: 00807A22
                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,00000000,?,00000000,00000004,00000000), ref: 00807B2C
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00807B6E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressFileProcReadUnmapViewlstrcmp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3248418922-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _global_unwind2.MSVCR71(?), ref: 7C363952
                                                                                                                                                                                                                • _local_unwind2.MSVCR71(?,?), ref: 7C36395F
                                                                                                                                                                                                                • _local_unwind2.MSVCR71(?,000000FF), ref: 7C3639B2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _local_unwind2$_global_unwind2
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3251452985-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegEnumKeyExW.KERNEL32(?,?,?,?,00000000,00000000,00000000,?), ref: 007B9FA1
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?,?,?,?,00000000,00000000,00000000,?), ref: 007B9FC0
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71(?,00000001,?,?,?,?,00000000,00000000,00000000,?), ref: 007B9FE3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@Enum
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 963253744-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,7C370E09,7C39A3C0,00000010,7C36280C,000000E0,7C362829,7C370E09,7C36B104,00000018,7C39F610,00000008,7C368A34,7C370E09,?), ref: 7C3627DE
                                                                                                                                                                                                                • _lock.MSVCR71(00000004,7C39A3C0,00000010,7C36280C,000000E0,7C362829,7C370E09,7C36B104,00000018,7C39F610,00000008,7C368A34,7C370E09,?,?,7C368D70), ref: 7C368BF4
                                                                                                                                                                                                                • _lock.MSVCR71(00000004,7C39A3C0,00000010,7C36280C,000000E0,7C362829,7C370E09,7C36B104,00000018,7C39F610,00000008,7C368A34,7C370E09,?,?,7C368D70), ref: 7C368C45
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _lock$AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2163177545-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00407C70: malloc.MSVCR71 ref: 00407C89
                                                                                                                                                                                                                • ??0CUpdateManager@@QAE@XZ.MGUPDATESUPPORT ref: 004027FA
                                                                                                                                                                                                                • ??0CUpdateAgent@@QAE@XZ.MGUPDATESUPPORT ref: 00402847
                                                                                                                                                                                                                • ?start@CUpdateAgent@@QAEXXZ.MGUPDATESUPPORT ref: 0040285C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Update$Agent@@$?start@Manager@@malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2166456603-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 0081E3AD
                                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32 ref: 0081E3DD
                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 0081E401
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: GetCurrentProcess.KERNEL32(00000028,?,00000000,0081E332), ref: 0081E184
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,0081E332), ref: 0081E18A
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1B8
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: LocalAlloc.KERNEL32(00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E1CF
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,00000000,00000040,00000000,?,TokenIntegrityLevel,00000000,00000000,?,00000000,0081E310,?,00000000), ref: 0081E1E7
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E210
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E243
                                                                                                                                                                                                                  • Part of subcall function 0081E15C: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 0081E276
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LookupPrivilegeTokenValue$InformationProcess$AllocCurrentErrorInfoLastLocalNativeOpenSystemVersion
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3389662072-0
                                                                                                                                                                                                                • Opcode ID: f82b6c5d5ac14f4c3f0be27b801aa515aac2012f5c0c890d35c954adbeaad5a3
                                                                                                                                                                                                                • Instruction ID: 3af3538ec88f05af04359d75390b7972ba9fc595807763b4b43b1fb2217c3987
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f82b6c5d5ac14f4c3f0be27b801aa515aac2012f5c0c890d35c954adbeaad5a3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97F08C60604B44AEE7A477BC8C8234A32D8FF15310F048060BD48C73E2EBB898C68673
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CConfigManager@@IAE@XZ.MGCONFIG(?,0048614E,000000FF), ref: 00485447
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0CCriticalSec@@QAE@XZ.MGCOMMON ref: 004850CF
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0CRegistrySupp@@QAE@PAUHKEY__@@@Z.MGCOMMON ref: 004850EC
                                                                                                                                                                                                                  • Part of subcall function 00485060: ?GetRegValue@CRegistrySupp@@QAEKPAGPBG11@Z.MGCOMMON(?,021E0000,021E0000,00000000), ref: 00485137
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0CRegistrySupp@@QAE@PAUHKEY__@@@Z.MGCOMMON(80000001), ref: 0048514D
                                                                                                                                                                                                                  • Part of subcall function 00485060: ?GetRegValue@CRegistrySupp@@QAEKPAGPBG11@Z.MGCOMMON(?,021E0000,021E0000,00000000), ref: 00485196
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not find installation directory.,?,?,?,80000002), ref: 004851AA
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0CErrRuntimeException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON(?,?,?,80000002), ref: 004851B4
                                                                                                                                                                                                                  • Part of subcall function 00485060: ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 004851C7
                                                                                                                                                                                                                  • Part of subcall function 00485060: _CxxThrowException.MSVCR71(?,004883F0), ref: 004851D7
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892930100.0000000000481000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892906598.0000000000480000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892951827.0000000000487000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892982403.000000000048B000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893010257.000000000048C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_480000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: RegistrySupp@@$Exception@@G11@G@std@@RuntimeU?$char_traits@V?$allocator@Value@Y__@@@$??0?$basic_string@ConfigCriticalExceptionG@2@@std@@G@2@@std@@@Manager@@Sec@@ThrowV0@@V?$basic_string@
                                                                                                                                                                                                                • String ID: |uH
                                                                                                                                                                                                                • API String ID: 665615503-2296712247
                                                                                                                                                                                                                • Opcode ID: 4f7c33b3bf6f59c2e8cd244f8c281a441e1a1fa37dac6ea2d59d533681c03bc1
                                                                                                                                                                                                                • Instruction ID: 95598061b3ab9fcd4a03f50ddc99088a05a19526db2c9056037f434a08d3595e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f7c33b3bf6f59c2e8cd244f8c281a441e1a1fa37dac6ea2d59d533681c03bc1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18E0DFB1644A818FC701FB54A91A70C7BA0E301B14FA04FBEE856A3B92C32C4400C78E
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??3@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 613200358-0
                                                                                                                                                                                                                • Opcode ID: 20cc2aec1de33ffa2700e6245c9a89da73af0b7d225d3a2df294cf70366b035d
                                                                                                                                                                                                                • Instruction ID: 9036bcffac93ac092c7c4d8a2ca14b54f415b57164b783b688ca5fc7954183eb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20cc2aec1de33ffa2700e6245c9a89da73af0b7d225d3a2df294cf70366b035d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C91C5B1A00505AFCB18DF6DCD91AAF77E9AF88304B54853EF80AD7385DA34ED118B94
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: e36a70aeee3331114cc88cfcc40f15003538840dbd78ac1a9e5e40d8c4e5e110
                                                                                                                                                                                                                • Instruction ID: 5b1c95a2d1491f8fd7bf47b2762f589202bae87b08ef1c1b61e9d6d3b3f6c11c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e36a70aeee3331114cc88cfcc40f15003538840dbd78ac1a9e5e40d8c4e5e110
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB41EFB0A42A00AFDBB4DF68DC947567BE5FB58310F10A069EA04C73D2C7788D85CB69
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _lseek.MSVCR71(?,?,?,?,?,7C38C6D1,?,?,?,7C3A2228,0000000C), ref: 7C38C684
                                                                                                                                                                                                                • _errno.MSVCR71(?,?,7C38C6D1,?,?,?,7C3A2228,0000000C), ref: 7C38C699
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno_lseek
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3567847678-0
                                                                                                                                                                                                                • Opcode ID: 22dd8d7425e6015f791353235ccd8cf862658b657609c19c6a7e63bef93ec14a
                                                                                                                                                                                                                • Instruction ID: 51e22111f5459b364ca15ed4f9150122f28957d27bed5e0cd43ccea13691db1f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22dd8d7425e6015f791353235ccd8cf862658b657609c19c6a7e63bef93ec14a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD0104726057008BC7214A29F840A8A73F59F867F4F245B3DE4FFA22D8D32594069E72
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AttributesFilewcslen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 239758025-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00407C70: malloc.MSVCR71 ref: 00407C89
                                                                                                                                                                                                                • ??0CUpdateAgent@@QAE@XZ.MGUPDATESUPPORT ref: 00402847
                                                                                                                                                                                                                • ?start@CUpdateAgent@@QAEXXZ.MGUPDATESUPPORT ref: 0040285C
                                                                                                                                                                                                                • ?start@CUpdateAgent@@QAEXXZ.MGUPDATESUPPORT ref: 0040286D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Agent@@Update$?start@$malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3711604974-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,10000000), ref: 004C2F13
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893316133.00000000004C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 004C0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893294302.00000000004C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893337601.00000000004C5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893360960.00000000004C9000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4c0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InternetOpen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2038078732-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 7C371F01: free.MSVCR71(?,?,7C371F49,?,?,?,00000001,7C36A2CA,7C3AB638,?,?,?,?,?,?,7C39F1B0), ref: 7C371F14
                                                                                                                                                                                                                • _close.MSVCR71(?,?,?,?,00000001,7C36A2CA,7C3AB638,?,?,?,?,?,?,7C39F1B0,00000010), ref: 7C371F4C
                                                                                                                                                                                                                • free.MSVCR71(?), ref: 7C371F65
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$_close
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3165389682-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,7C361989,00000001), ref: 7C361FBA
                                                                                                                                                                                                                  • Part of subcall function 7C361F41: GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090,?,?,7C361FD2), ref: 7C361F6A
                                                                                                                                                                                                                • HeapDestroy.KERNEL32 ref: 7C368F57
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$CreateDestroyEnvironmentVariable
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 609028066-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??1CUpdateManager@@UAE@XZ.MGUPDATESUPPORT ref: 004028D3
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 004028E1
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??3@Manager@@Update
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3736159236-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00802639), ref: 0080235F
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00802639), ref: 00802386
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Virtual$AllocFree
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2087232378-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 0080DE14: GetVersion.KERNEL32(00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000,00000000,?,0081BFBA,00000000,000000FF,0081C1F0), ref: 0080DE44
                                                                                                                                                                                                                  • Part of subcall function 0080DE14: OpenFileMappingW.KERNEL32(00000004,00000000,?,00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000,00000000,?,0081BFBA), ref: 0080DE88
                                                                                                                                                                                                                  • Part of subcall function 0080DE14: OpenFileMappingW.KERNEL32(00000004,00000000,00000000,00000004,00000000,?,00000000,0080DEE0,?,00000000,?,0000000F,00000000,00000000,00000000,00000000), ref: 0080DEB1
                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000032,000F001F,00000000,00000000,00000000,00000000,00000000,000000FF,?,00000000,00000000,00000000,?,00000000,000000FF,0081C1F0), ref: 0081C11F
                                                                                                                                                                                                                  • Part of subcall function 0080DE14: OpenFileMappingA.KERNEL32(00000004,00000000,?), ref: 0080DEBE
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$MappingOpen$VersionView
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1015710088-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _sopen.MSVCR71(?,00000109,?,000001A4,?,?,?,?,?,?,7C38A8E6,?,?,?,00000000,7C3A2060), ref: 7C38D6BA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _sopen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2002574630-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _read.MSVCR71(?,?,?,?,7C38C034,?,7C3A2178,0000000C,7C38A78B,7C3AB638), ref: 7C38A7E7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _read
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3312595324-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?agentStartUp@CUpdateAgent@@AAEHXZ.MGUPDATESUPPORT ref: 1001399D
                                                                                                                                                                                                                  • Part of subcall function 10013290: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71 ref: 100132E3
                                                                                                                                                                                                                  • Part of subcall function 10013290: ??0CSerialize@@QAE@H@Z.MGCOMMON ref: 100132F7
                                                                                                                                                                                                                  • Part of subcall function 10013290: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 1001332C
                                                                                                                                                                                                                  • Part of subcall function 10013290: ?SendIpcMessage@CIPC@@SGHPBDPAXK1KKH@Z.MGHOOKING(00000000,1001CD75,?,?,0000141C,0000EA60,00000001), ref: 10013348
                                                                                                                                                                                                                  • Part of subcall function 10013290: ??1CSerialize@@QAE@XZ.MGCOMMON ref: 100133BB
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E35
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E51
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E7A
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016E8F
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550,?,00000000), ref: 10016EA4
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Could not load the configuration data.), ref: 10016F1E
                                                                                                                                                                                                                  • Part of subcall function 10016DA0: ??0CErrException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10016F27
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: U?$char_traits@V?$allocator@$G@std@@$G@2@@std@@$??0?$basic_string@$Serialize@@$??4?$basic_string@?agent?c_str@?$basic_string@Agent@@D@2@@std@@D@std@@Exception@@G@2@@std@@@Message@SendStartUpdateV01@V01@@V?$basic_string@malloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2218469973-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,?,00000000,00000000,?,007B74AE,00000000,00000000,007B74AE,?,?,00000410), ref: 007B6D7D
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000000,00407AB0,00000000,00000000,?,00000004,00000000,00000004,00407AB0,Version,?,?), ref: 00405ACD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,00000000,00000000,00491FC0,Version,?,00000000,?,00000000,00000000), ref: 00491AAD
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CallNextHookEx.USER32(?,?,?,?), ref: 004918B7
                                                                                                                                                                                                                  • Part of subcall function 00491490: GetModuleHandleW.KERNEL32(00000000,?,00001000,?,?,?,?,?,00493260,000000FF,?,00491898,?), ref: 004914FE
                                                                                                                                                                                                                  • Part of subcall function 00491490: GetModuleFileNameW.KERNEL32(00000000,?,?,?,?,?,00493260,000000FF,?,00491898,?), ref: 00491505
                                                                                                                                                                                                                  • Part of subcall function 00491490: GetLongPathNameW.KERNEL32(?,?,00001000), ref: 0049151E
                                                                                                                                                                                                                  • Part of subcall function 00491490: wcscpy.MSVCR71 ref: 00491532
                                                                                                                                                                                                                  • Part of subcall function 00491490: PathStripPathW.SHLWAPI(?), ref: 00491542
                                                                                                                                                                                                                  • Part of subcall function 00491490: _wcsicmp.MSVCR71 ref: 00491554
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893049999.0000000000491000.00000020.00000001.01000000.00000012.sdmp, Offset: 00490000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893029594.0000000000490000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893070082.0000000000494000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893089164.0000000000497000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893112207.0000000000498000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_490000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Path$ModuleName$CallFileHandleHookLongNextStrip_wcsicmpwcscpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4255812956-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 007B2C26
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                • Opcode ID: 1240b07e5da49dd9afbad36eba28adceaa9b93d233de386112f16f3ab4e9de04
                                                                                                                                                                                                                • Instruction ID: dc7f9fe506eb3090c66aaf9deae35771e14b9ed2201da4041bac9ec991f7b37a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1240b07e5da49dd9afbad36eba28adceaa9b93d233de386112f16f3ab4e9de04
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88F04FB1E45668ABC7109F9D9805BAEBB78E705B30F10472AE825A33D1D37919018BE1
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ?MessageBoxInitError@@YAXH@Z.MGCOMMON(000002BC,?,000000FF,0040851E,00000000,0040851E), ref: 004026D4
                                                                                                                                                                                                                • ?getConfigManager@CConfigManager@@SAAAV1@XZ.MGCONFIG(?,000000FF,0040851E,00000000,0040851E), ref: 004026EE
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 00402703
                                                                                                                                                                                                                • ?configExists@CConfigManager@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 0040270B
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(Main.ConfigFiles.SweetIMAppConfigFilePath), ref: 00402722
                                                                                                                                                                                                                • ?getDefaultConfig@CConfigManager@@QAEAAVCConfig@@XZ.MGCONFIG ref: 0040272E
                                                                                                                                                                                                                • ?getPropertyAsStringEx@CConfig@@QAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V23@@Z.MGCONFIG(?), ref: 0040273E
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 00402755
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 0040276C
                                                                                                                                                                                                                • ?createConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCONFIG ref: 00402777
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 00402784
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(SweetIMApplicationConfig), ref: 00402799
                                                                                                                                                                                                                • ?getConfig@CConfigManager@@QAEAAVCConfig@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCONFIG ref: 004027A1
                                                                                                                                                                                                                • ??0CUpdateManager@@QAE@XZ.MGUPDATESUPPORT ref: 004027FA
                                                                                                                                                                                                                • ??0CUpdateAgent@@QAE@XZ.MGUPDATESUPPORT ref: 00402847
                                                                                                                                                                                                                • ?start@CUpdateAgent@@QAEXXZ.MGUPDATESUPPORT ref: 0040285C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1892750434.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892725646.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892779763.0000000000409000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892803659.000000000040D000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1892825887.000000000040E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_400000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$ConfigManager@@$??0?$basic_string@$?getConfig@@V?$basic_string@$Config@Update$Agent@@G@2@@std@@@$??1?$basic_string@?config?create?start@DefaultError@@Exists@G@2@@std@@0@InitManager@MessagePropertyStringV01@@V23@@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2919703622-0
                                                                                                                                                                                                                • Opcode ID: 3e09662b8f9d7abda28d3bc8487b002bbe48e405478c0be0080882450bba952e
                                                                                                                                                                                                                • Instruction ID: 855bba300f1d5865086f39b7daf4f7de868962e4c5198bb74001eb2de677687f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e09662b8f9d7abda28d3bc8487b002bbe48e405478c0be0080882450bba952e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADF0A072A007109FEB20DF959A45BAAF3B0EF54700F00853FE943666C1EBB9A9008A95
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualQuery.KERNEL32(0081E5A8,?,0000001C), ref: 0081E5C2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1804819252-0
                                                                                                                                                                                                                • Opcode ID: 3d86a359bb00cfdb19a475807e2018e7970451c54cedac3ece2bafa3af824176
                                                                                                                                                                                                                • Instruction ID: f73bcba5db688ed957bacf13073f6718d7f7fd1d28def765b07692fa1ac936da
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d86a359bb00cfdb19a475807e2018e7970451c54cedac3ece2bafa3af824176
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43F03070940309AEFB308A98DD46BEA7778FB18319F044616EE04D52C0FAB499C08A92
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 7C38D461: _lock.MSVCR71(00000001,7C3A2368,00000010,7C38A740,7C3A2050,0000000C), ref: 7C38D476
                                                                                                                                                                                                                • _errno.MSVCR71(7C3A2060,00000010), ref: 7C38A8C4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno_lock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3113008315-0
                                                                                                                                                                                                                • Opcode ID: c9115a1772648932efd3a1513df5525b6ad9ea7b4df2a7b69912d04c2dbdd84a
                                                                                                                                                                                                                • Instruction ID: 4fe9d4f54bbfdc30ca8fe13065fd6711ee0e9d8f74c9063263fcab1c44f1a043
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9115a1772648932efd3a1513df5525b6ad9ea7b4df2a7b69912d04c2dbdd84a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2F0307194020AABEF419FA4CC006DD7AB4EF04394F504154E961AA1A0DB7A461BAF32
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0081E60F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileModuleName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 514040917-0
                                                                                                                                                                                                                • Opcode ID: 8e2f7bbafe4b02ca50f58190dd8b11f33559603c0045d9966a3acb9b8e73fd96
                                                                                                                                                                                                                • Instruction ID: 90eb3e630a07bb9206f626a2bf06f97b9e0dbe857e3426e51a94b6b4fbc7e8ca
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e2f7bbafe4b02ca50f58190dd8b11f33559603c0045d9966a3acb9b8e73fd96
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21E08C71640208BFE770DB689D4BFA733E8FB28711F404021BA0CDA1D0EAB09990CB95
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0081E60F
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileModuleName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 514040917-0
                                                                                                                                                                                                                • Opcode ID: bd4243126e38765bf9fb5036369bfcefcb0a84ecdf15e2ca8cea13079aabfd0d
                                                                                                                                                                                                                • Instruction ID: baeedeb8dd86e9a836ae5f1972ed6d5f9abfdcf5b9c00d16bff27b3f44e7c024
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd4243126e38765bf9fb5036369bfcefcb0a84ecdf15e2ca8cea13079aabfd0d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12E08C71640208AFE770DB689D4BF9733A8FB28711F404021BA0CDA1D0EAB05590CB95
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 7C36279A: RtlAllocateHeap.NTDLL(00000000,7C370E09,7C39A3C0,00000010,7C36280C,000000E0,7C362829,7C370E09,7C36B104,00000018,7C39F610,00000008,7C368A34,7C370E09,?), ref: 7C3627DE
                                                                                                                                                                                                                • _callnewh.MSVCR71(000000E0,7C362829,7C370E09,7C36B104,00000018,7C39F610,00000008,7C368A34,7C370E09,?,?,7C368D70,00000004,7C39A2A8,00000010,7C368B62), ref: 7C368C9A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap_callnewh
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 80760763-0
                                                                                                                                                                                                                • Opcode ID: 745399c0ba11981261775c86068be182772b10d04a4bb9703cb79ba4fd5c9a85
                                                                                                                                                                                                                • Instruction ID: 38511ff6aaa0af884bda27a0fa2ceb4e679d65382c2656c121f6b4892d75454e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 745399c0ba11981261775c86068be182772b10d04a4bb9703cb79ba4fd5c9a85
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49D01234449303E9DB1145218E04D06AEA4AB845D5F12CD3EE4D6B0ADCD737C801AD03
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • DisableThreadLibraryCalls.KERNEL32(?), ref: 00801588
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CallsDisableLibraryThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1446121453-0
                                                                                                                                                                                                                • Opcode ID: 3ede228c609c2728a5a63e6961a0c10bfcb132ea4aca44ded35c200ef18dae80
                                                                                                                                                                                                                • Instruction ID: ee5f93db972ff4764abff18739680003e94d63167095b8b37cd63922c8369e88
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ede228c609c2728a5a63e6961a0c10bfcb132ea4aca44ded35c200ef18dae80
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42E01239244201E7DB40AB54DC5CF8EB7D4FBB8B62F804455F401C6664C675C890CE21
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(?), ref: 007B6681
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893726370.00000000007B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 007B0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893698679.00000000007B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893761079.00000000007D7000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893806747.00000000007EC000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893827050.00000000007ED000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7b0000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                • Opcode ID: de11869011eb8acdff15096e71c2fc1e5d382e18368e9101143655bd0f28b110
                                                                                                                                                                                                                • Instruction ID: cebd90840399049d2221e89cc0a7535e84e83911e9ece4935f823ee07ede662b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: de11869011eb8acdff15096e71c2fc1e5d382e18368e9101143655bd0f28b110
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10D0C9702093248BD3284F18A5087827BF8AB48B24B01496EA599C3300E7BD9880CB44
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 008057C0: TlsGetValue.KERNEL32(00000016), ref: 008057D8
                                                                                                                                                                                                                  • Part of subcall function 008057C0: LocalFree.KERNEL32(00000000,00000016), ref: 008057E2
                                                                                                                                                                                                                • TlsFree.KERNEL32(00000016), ref: 00805805
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Free$LocalValue
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2967491550-0
                                                                                                                                                                                                                • Opcode ID: 25c0eadd4cc46b6db8ad84ab2819757877099a134549d549b5c2c0f0e6e3446a
                                                                                                                                                                                                                • Instruction ID: da660ce092d3ac546f20fda3f7a32b2020cf7431d17b657fcd82ae890247de45
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25c0eadd4cc46b6db8ad84ab2819757877099a134549d549b5c2c0f0e6e3446a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6AC00220501F02D6DEE866799C1961721A4F700361B84D224A864C65E1DA248806DE36
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _fsopen.MSVCR71(?,?,00000040), ref: 7C38A912
                                                                                                                                                                                                                  • Part of subcall function 7C38A8AC: _errno.MSVCR71(7C3A2060,00000010), ref: 7C38A8C4
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895440500.000000007C361000.00000020.00000001.01000000.00000011.sdmp, Offset: 7C360000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895415267.000000007C360000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895478014.000000007C39A000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895520568.000000007C3AB000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895544987.000000007C3AF000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895571234.000000007C3B0000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895592086.000000007C3B2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_7c360000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno_fsopen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1754356438-0
                                                                                                                                                                                                                • Opcode ID: b52c794c3ab0d6e557bf0c9c473430f4865f9d02b10283d8a710e779f6884698
                                                                                                                                                                                                                • Instruction ID: c3e19978cce0290401abbd6b92cfe885c06f69ce2024db3d8ccc3609f78541a3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b52c794c3ab0d6e557bf0c9c473430f4865f9d02b10283d8a710e779f6884698
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FB012B54442007EDE010640AC01B097B916B80720FD0C414B76C100609237912E9A17
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 00802470
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                • Opcode ID: 0de9f4ad364175af443b93ac24ca2c6a08017ba36ab9d185ca885a07dc02b33b
                                                                                                                                                                                                                • Instruction ID: 4499e384ce067ac163fa8e75d27d90ef3e4bc8ad17757e8c6a2452607ef80af2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0de9f4ad364175af443b93ac24ca2c6a08017ba36ab9d185ca885a07dc02b33b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D21E370608B11AFC754DF19CC84A1ABBE1FF84760F14C969E498CB291D3B4E845CB9A
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00802531
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                • Opcode ID: 996b6ff37b9f5d29cb7a8fe670aca3b3537c09954ebe647a180f1b26cfea522e
                                                                                                                                                                                                                • Instruction ID: d002dfbe465aa1f02c7e067ad46effdf336e0689cafe5e1fefb90bb3952d55ef
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 996b6ff37b9f5d29cb7a8fe670aca3b3537c09954ebe647a180f1b26cfea522e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58117C72A047059FC3A0DF29CD84A2ABBE5FBC4764F15C52CE598973A4D670EC408A85
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00004000,?,0000000C,?,?,00003FFF,008027BF), ref: 008025B2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                • Opcode ID: bc1d22e186018a7e539f4ac7b78faa7658dfcc5e2a20c909b6aba189814a2594
                                                                                                                                                                                                                • Instruction ID: 0e6f2ee3e8a000c1465c40a9d582b97be0c531e60f8729fb7c7f073d16747907
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc1d22e186018a7e539f4ac7b78faa7658dfcc5e2a20c909b6aba189814a2594
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C012B726043144FC3909F28DCD8D2A77D4FB88324F15453CDA88D7781E6B6BC058BA4
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,0081E317,00000000,?,00000000,0081E310,?,00000000,00000028,?,00000000,0081E332), ref: 0081E30A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1893873243.0000000000801000.00000020.00000001.01000000.00000015.sdmp, Offset: 00800000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893849837.0000000000800000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893902337.000000000081F000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893926350.0000000000822000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1893956770.0000000000824000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_800000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                • Opcode ID: e803cf65837651f8079f62c4752b33c75ad3991cb06ef12f64c426698b45abb3
                                                                                                                                                                                                                • Instruction ID: 700bc7c8071e5e8bb151479a9d3934890fdd0436bb51051bf7a9955620f4ee50
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e803cf65837651f8079f62c4752b33c75ad3991cb06ef12f64c426698b45abb3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5A00279D05508F6EE60F6E8DA5989E666CFE4C3147F008807515D3545C6399A407A21
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012097
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 10012109
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10012121
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(?,?), ref: 10012141
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001215C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001216E
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100121B0
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 100121C4
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100121DE
                                                                                                                                                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP71 ref: 100121E7
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012251
                                                                                                                                                                                                                  • Part of subcall function 10011340: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(10011C73,00000000,?,?,?,?,?,10028B98,1001C968,000000FF,?,10011C73,10028B98,00000001,?), ref: 1001136D
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 10012270
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100122DF
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100122FD
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(?,?), ref: 1001231A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012333
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012345
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012377
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 10012389
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100123AF
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 100123C3
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100123DA
                                                                                                                                                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP71 ref: 100123E3
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001244D
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1001246F
                                                                                                                                                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP71 ref: 1001247F
                                                                                                                                                                                                                • ?StringCmpi@@YAHABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z.MGCOMMON(?,?), ref: 10012497
                                                                                                                                                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71(?), ref: 100124AD
                                                                                                                                                                                                                • ?GetCurrentSystemDateTimeInFileTimeFormat@@YGHAAU_FILETIME@@@Z.MGCOMMON(?), ref: 100124E4
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001251A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012538
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 10012547
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10012561
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001257D
                                                                                                                                                                                                                • ??3@YAXPAX@Z.MSVCR71 ref: 1001258C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100125A9
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@$??1?$basic_string@$V01@@$??0?$basic_string@$??4?$basic_string@V01@$??3@?size@?$basic_string@Cmpi@@G@2@@std@@0@StringV?$basic_string@$Time$CurrentDateE@@@FileFormat@@System
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2950825681-0
                                                                                                                                                                                                                • Opcode ID: a7eb26a074964c3fbd55b5ba09ec97003bfa6e53e633031623fef521a87603b2
                                                                                                                                                                                                                • Instruction ID: 9edfa680bcc7f28b816e4f70f381903cba7b2abfd989d40d52bc57b8cc29db5f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7eb26a074964c3fbd55b5ba09ec97003bfa6e53e633031623fef521a87603b2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD026CB5E00219DFDB14CFA8C8C4ADEBBB5FF58300F258159E906AB241D770AE95CB61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CErrException@@QAE@ABV0@@Z.MGCOMMON(?), ref: 10010012
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A55C), ref: 10010021
                                                                                                                                                                                                                • ??0CXmlNode@@QAE@PAVTiXmlNode@@@Z.MGXML_WRAPPER(00000000), ref: 1001005B
                                                                                                                                                                                                                • ?getDocumentRoot@CXmlDocument@@QAE?AVCXmlNode@@XZ.MGXML_WRAPPER(?), ref: 10010071
                                                                                                                                                                                                                • ?createElement@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100384B8), ref: 10010082
                                                                                                                                                                                                                • ?appendChild@CXmlNode@@QAEXABV1@@Z.MGXML_WRAPPER(?), ref: 1001009A
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10038598), ref: 100100B1
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 100100BD
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 100100CA
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385B4), ref: 100100DB
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 10010104
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 10010113
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 10010124
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10010131
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 1001013E
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385D0), ref: 10010150
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 10010177
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 10010186
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 10010197
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100101A4
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 100101B1
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385EC), ref: 100101C3
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 100101EA
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 100101F9
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 1001020A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10010217
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 10010224
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10038608), ref: 10010236
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 1001025D
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 1001026C
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 1001027D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001028A
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 10010297
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@Node@@U?$char_traits@V?$allocator@$G@2@@std@@@V?$basic_string@$?set$G@2@@std@@$Document@@$?createV1@@$AttributeAttribute@NodeNode@Value@$??0?$basic_string@??1?$basic_string@_itow$?append?getChild@DocumentElement@ExceptionException@@Node@@@Root@ThrowV0@@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1457951927-0
                                                                                                                                                                                                                • Opcode ID: 80af54149ae95d943aca99fc643e7456aedbe6139b190b9bf6aac156b0d15db9
                                                                                                                                                                                                                • Instruction ID: fedcf85131375c788a8d33e27d96af3ea6c5ab7772c0e2443ba0577ea7245a53
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80af54149ae95d943aca99fc643e7456aedbe6139b190b9bf6aac156b0d15db9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1813F72900219EFDB05DB94CDD8EEEB779FF58300F204159E60AA7190DB756B0ACB91
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CXmlNode@@QAE@PAVTiXmlNode@@@Z.MGXML_WRAPPER(00000000), ref: 1001005B
                                                                                                                                                                                                                • ?getDocumentRoot@CXmlDocument@@QAE?AVCXmlNode@@XZ.MGXML_WRAPPER(?), ref: 10010071
                                                                                                                                                                                                                • ?createElement@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100384B8), ref: 10010082
                                                                                                                                                                                                                • ?appendChild@CXmlNode@@QAEXABV1@@Z.MGXML_WRAPPER(?), ref: 1001009A
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10038598), ref: 100100B1
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 100100BD
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 100100CA
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385B4), ref: 100100DB
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 10010104
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 10010113
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 10010124
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10010131
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 1001013E
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385D0), ref: 10010150
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 10010177
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 10010186
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 10010197
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100101A4
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 100101B1
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,100385EC), ref: 100101C3
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 100101EA
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 100101F9
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 1001020A
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10010217
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 10010224
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10038608), ref: 10010236
                                                                                                                                                                                                                • _itow.MSVCR71 ref: 1001025D
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(?), ref: 1001026C
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?), ref: 1001027D
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1001028A
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 10010297
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@Node@@U?$char_traits@V?$allocator@$G@2@@std@@@V?$basic_string@$?set$G@2@@std@@$Document@@$?createV1@@$AttributeAttribute@NodeNode@Value@$??0?$basic_string@??1?$basic_string@_itow$?append?getChild@DocumentElement@Node@@@Root@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1720962597-0
                                                                                                                                                                                                                • Opcode ID: 67279235dc30fc9ad4d293d3941eea66cd6c7f9007e3dccdefa28af3da8a14d2
                                                                                                                                                                                                                • Instruction ID: b63f62dbe091d9155f456da4124b2b58ca8a67c4609a6d024ebf48f65a63a90b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67279235dc30fc9ad4d293d3941eea66cd6c7f9007e3dccdefa28af3da8a14d2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE813D72900259EFDB05DB94CDD8EEEB779FF58300F104159E60AA7290DB356B0ACB91
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 10009980: GetSystemMetrics.USER32(00000000), ref: 10009991
                                                                                                                                                                                                                  • Part of subcall function 10009980: GetSystemMetrics.USER32(00000001), ref: 10009997
                                                                                                                                                                                                                  • Part of subcall function 10009980: ?CalcWindowNoneClientArea@@YAXPAUHWND__@@AAJ111@Z.MGCOMMON(?,?,?,?,?), ref: 100099C8
                                                                                                                                                                                                                  • Part of subcall function 10009980: MoveWindow.USER32(?,00000000,00000000,?,?,00000001), ref: 10009A03
                                                                                                                                                                                                                  • Part of subcall function 10009980: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 10009A08
                                                                                                                                                                                                                  • Part of subcall function 10009980: SetWindowTextW.USER32(?,00000000), ref: 10009A10
                                                                                                                                                                                                                  • Part of subcall function 10009980: GetDlgItem.USER32(?,000003E9), ref: 10009A1C
                                                                                                                                                                                                                  • Part of subcall function 10009980: MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 10009A35
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 1000A04C
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A077
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000A07F
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 1000A08B
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EB), ref: 1000A097
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A0BC
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000A0C4
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 1000A0D0
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 1000A0DC
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A0FD
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 1000A105
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A12A
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000A132
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 1000A13E
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EF), ref: 1000A14A
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A16B
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 1000A173
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A198
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000A1A0
                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 1000A1AC
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F1), ref: 1000A1B8
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A1D9
                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 1000A1E1
                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 1000A20E
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000A216
                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,00000000), ref: 1000A21E
                                                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 1000A22F
                                                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 1000A238
                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 1000A247
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Window$Move$Item$?c_str@?$basic_string@G@2@@std@@G@std@@TextU?$char_traits@V?$allocator@$LongMetricsSystem$Area@@CalcClientD__@@FocusJ111@None
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2009720327-0
                                                                                                                                                                                                                • Opcode ID: 8bd80772308a214750229a0c08da38e1a5d7c8a131a78b5bae00fab7406263dd
                                                                                                                                                                                                                • Instruction ID: f0dd9e411d4db66a476a21cdd87e85a00d1eb123b6125c91f6d3f6c7d5985a90
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bd80772308a214750229a0c08da38e1a5d7c8a131a78b5bae00fab7406263dd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6851B971250A00AFE215DBA5CCC5FEBB7EDEB8D701F104A0CF29E93290DA75B8458B65
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 10001080: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71 ref: 100010AA
                                                                                                                                                                                                                  • Part of subcall function 10001080: ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71 ref: 100010BF
                                                                                                                                                                                                                  • Part of subcall function 10001080: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100010CC
                                                                                                                                                                                                                  • Part of subcall function 10001080: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 100010E3
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 1000204F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10002061
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 1000206D
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 1000207E
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,100298A8), ref: 10002090
                                                                                                                                                                                                                • ??0CXmlNode@@QAE@PAVTiXmlNode@@@Z.MGXML_WRAPPER(00000000), ref: 100020D0
                                                                                                                                                                                                                • ?createElement@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10034F18), ref: 100020EB
                                                                                                                                                                                                                • ?appendChild@CXmlNode@@QAEXABV1@@Z.MGXML_WRAPPER(?), ref: 10002103
                                                                                                                                                                                                                • ?createAttribute@CXmlDocument@@QAE?AVCXmlNode@@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER(?,10034F34), ref: 10002114
                                                                                                                                                                                                                • ?setNodeValue@CXmlNode@@QAEXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGXML_WRAPPER ref: 10002121
                                                                                                                                                                                                                • ?setAttributeNode@CXmlNode@@QAEXAAV1@@Z.MGXML_WRAPPER(?), ref: 1000212E
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Could not build the System Info Yahoo Messenger Parameter node: , xrefs: 10002036
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@std@@Node@@$G@2@@std@@@V?$basic_string@$??0?$basic_string@V01@@$??1?$basic_string@?create?setDocument@@Exception@@FormatMessageV1@@$?appendAttributeAttribute@Child@Element@ExceptionNodeNode@Node@@@ThrowV01@V0@@Value@Y?$basic_string@
                                                                                                                                                                                                                • String ID: Could not build the System Info Yahoo Messenger Parameter node:
                                                                                                                                                                                                                • API String ID: 2505361947-2327002077
                                                                                                                                                                                                                • Opcode ID: 2194b88fcc05521de37789124dc3993ee4caf16909b9977d897b3bc66da714ee
                                                                                                                                                                                                                • Instruction ID: 1d4b36a032d98257420021c36b1f52e104c1d7e7753213a9d0e4feba005d643c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2194b88fcc05521de37789124dc3993ee4caf16909b9977d897b3bc66da714ee
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58315C75900219EFDB04DF94CD88BEEBBB9FB4D310F108159F606A7290DB756A09CBA1
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CErrParseException@@QAE@ABV0@@Z.MGCOMMON(?), ref: 10005016
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002ACE8), ref: 10005028
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000503E
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(00000000), ref: 1000504D
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 10005056
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 10005067
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,100298A8), ref: 10005079
                                                                                                                                                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP71 ref: 1000508F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(00000000), ref: 1000509E
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z.MGCOMMON ref: 100050A7
                                                                                                                                                                                                                • ??0CErrMessageFormatException@@QAE@ABV0@@Z.MGCOMMON(00000000), ref: 100050B8
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,100298A8), ref: 100050CA
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$Exception@@$FormatG@2@@std@@Message$ExceptionThrowV0@@$??0?$basic_string@?c_str@?$basic_string@G@2@@std@@@V?$basic_string@$Parse
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1872964136-0
                                                                                                                                                                                                                • Opcode ID: dba4ef0f92ecff0974c5d3c0e975e16753c80d24de2fba34acc95da7461db1ee
                                                                                                                                                                                                                • Instruction ID: c98eaf7b577b07daa217bdbf4299a0579ed61d9cba4ff13fa2c869fe1b12148b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dba4ef0f92ecff0974c5d3c0e975e16753c80d24de2fba34acc95da7461db1ee
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80213871900159EFDF04EBE4CD889EEBB79EF09300F204588E106A7150DB34AA4ACF61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AA_N@Z.MGCOMMON(?,?,?,?,?,?,?,10013393,?), ref: 10019020
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAH@Z.MGCOMMON ref: 10019028
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAG@Z.MGCOMMON ref: 10019030
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAG@Z.MGCOMMON ref: 10019038
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAG@Z.MGCOMMON ref: 10019040
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAG@Z.MGCOMMON ref: 10019048
                                                                                                                                                                                                                • ??5CSerialize@@QAEAAV0@AAH@Z.MGCOMMON ref: 10019050
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Serialize@@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2785693652-0
                                                                                                                                                                                                                • Opcode ID: ed6e9865869f65d037aa0460d8c48853322693eb286e9336815fc8c5ead14f5e
                                                                                                                                                                                                                • Instruction ID: 1317551fc14855cc103dff6d7ce59a734226e83fef293da8f33a8ae2d92783a6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed6e9865869f65d037aa0460d8c48853322693eb286e9336815fc8c5ead14f5e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAF06D756102509BDF08DFB0CC9C8AA37A9BB9C205320495DF507C7355EA35DA178B90
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: malloc.MSVCR71 ref: 1001A4D7
                                                                                                                                                                                                                • wcscpy.MSVCR71 ref: 1000C095
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: _callnewh.MSVCR71 ref: 1001A4C6
                                                                                                                                                                                                                  • Part of subcall function 1001A4BE: ?_Nomemory@std@@YAXXZ.MSVCP71(?,100012ED,00000048,?,?,1001AA5B,000000FF), ref: 1001A4D0
                                                                                                                                                                                                                • wcscpy.MSVCR71 ref: 1000C0E8
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: wcscpy$Nomemory@std@@_callnewhmalloc
                                                                                                                                                                                                                • String ID: IE_ChangeUI$IE_NewWinEnable
                                                                                                                                                                                                                • API String ID: 3223004405-1749009674
                                                                                                                                                                                                                • Opcode ID: 50dae4460c864e17b949f6e1dfb8a67a945918a81b124a36a87f672d75dba132
                                                                                                                                                                                                                • Instruction ID: 07b73f159b3703d69e43c3e3ddcc6016ff1610b39977a2b52c0307b07f46b7a0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50dae4460c864e17b949f6e1dfb8a67a945918a81b124a36a87f672d75dba132
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52216578241A00DFD325DF24C595A12FBE1FF89704B15865CD6564F765C7B5F881CB80
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CBSCallbackImpl@@QAE@XZ.MGCOMMUNICATION(?,?,00000000,00000000,1001BB1C,000000FF,10015E0C,00000000), ref: 1000906E
                                                                                                                                                                                                                • ??0CCriticalSec@@QAE@XZ.MGCOMMON(?,?,00000000), ref: 10009091
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z.MSVCP71(10026550), ref: 100090A4
                                                                                                                                                                                                                • ??0CDownloadManager@@QAE@XZ.MGCOMMUNICATION ref: 100090C6
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ??0?$basic_string@CallbackCriticalDownloadG@2@@std@@G@std@@Impl@@Manager@@Sec@@U?$char_traits@V?$allocator@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2689370638-0
                                                                                                                                                                                                                • Opcode ID: 0e7aaef2532351052f1cd4c482c69f22b6deda4ef5df211a683a40858a4638e0
                                                                                                                                                                                                                • Instruction ID: f7c5ed8cdb7070f5ddd4fcc7ab3ab5e2cbe15918a513db49f4932af4a4df9033
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e7aaef2532351052f1cd4c482c69f22b6deda4ef5df211a683a40858a4638e0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5111BB1404B91CFD320CF19D948756FBE8FFA8714F50491EE49683B61C7B8A509CB92
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 1000102A
                                                                                                                                                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP71 ref: 1000103F
                                                                                                                                                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1000104C
                                                                                                                                                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP71 ref: 10001063
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$V01@@$??0?$basic_string@$??1?$basic_string@V01@Y?$basic_string@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2664418556-0
                                                                                                                                                                                                                • Opcode ID: 5deae2c6e13679d44fd04fe4cffa3a30a6367b2e8923b51a785a374790a60c47
                                                                                                                                                                                                                • Instruction ID: 608b8208353776f13999110558d13293388a1ffc8a0242e206466f9f862c3f5a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5deae2c6e13679d44fd04fe4cffa3a30a6367b2e8923b51a785a374790a60c47
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DF01975108250EFD344DB54CD88B5BBBE4FB8C714F408A0DF89A83390C7789949CB52
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@ABV0@@Z.MGCOMMON(?), ref: 10008046
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A56C), ref: 10008058
                                                                                                                                                                                                                • ??0CErrRuntimeException@@QAE@XZ.MGCOMMON(?,1002A56C), ref: 10008076
                                                                                                                                                                                                                • _CxxThrowException.MSVCR71(?,1002A56C), ref: 10008088
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000007.00000002.1895242678.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895219944.0000000010000000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895275872.0000000010026000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895304349.0000000010034000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                • Associated: 00000007.00000002.1895371327.000000001003A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_10000000_SweetIM.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionException@@RuntimeThrow$V0@@
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 341601282-0
                                                                                                                                                                                                                • Opcode ID: f3f5412b0a60ecd1272fb7c863a34995c26dc3d9e1dc6563102baffca5629631
                                                                                                                                                                                                                • Instruction ID: 34be5a7008e3d4b7de4d342594fd57473189df355444438238e7711bf684d744
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3f5412b0a60ecd1272fb7c863a34995c26dc3d9e1dc6563102baffca5629631
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64F0EC34A0011A8BDB54CBA4CC94AEEB379EF08244F504599A60AAA551DB34EEC6CF61
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%